#VU67275 Memory leak in frr - CVE-2019-25074

Cybersecurity Help s.r.o.

Published: 2022-09-13

Vulnerability identifier: #VU67275

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-25074

CWE-ID: CWE-401

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
frr
Other software / Other software solutions

Vendor: frrouting.org

Description
The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak when processing IS-IS HELLO packets. A remote attacker can send specially crafted packets to the IS-IS daemon, trigger memory leak and perform denial of service attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

frr: 2.0 - 8.3

External links
https://github.com/FRRouting/frr/commit/49efc80d342d8e8373c8af040580bd7940808730
https://bugzilla.suse.com/show_bug.cgi?id=1202022

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for frr

Multiple vulnerabilities in FRRouting (FRR)