CVE-2024-44070

An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.

Published: Aug 19, 2024
Updated: May 4, 2025
CVE: CVE-2024-44070
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
frrouting / frrouting	-	10.1.x
redhat / enterprise_linux	8.0	8.0.x
redhat / enterprise_linux	9.0	9.0.x

https://github.com/FRRouting/frr/pull/16497

Vulnerability Database

289,599

CVE-2024-44070