CVE-2024-55553
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-55553 is a vulnerability affecting FRRouting (FRR) versions before 10.3. The issue arises when the total size of updates received via RTR exceeds the internal socket's buffer size, causing all routes to be re-validated. An attacker can exploit this by sending a large number of updates within an update interval, leading to continuous route validation and performance degradation. This issue can impact routers with large full tables, potentially causing heightened BMP traffic to ingestors and affecting FRR instances using RPKI globally. Versions of FRRouting below 10.0.3, 10.1.2, and 10.2.1 are vulnerable. Upgrading to FRRouting 10.3 or above mitigates the risk.