CVE-2024-34088 – This vulnerability in FRRouting (FRR) allows at... (How to Fix)

Q: What is the severity of CVE-2024-34088?

CVE-2024-34088 has a CVSS score of 7.5 (HIGH). This vulnerability in FRRouting (FRR) allows attackers to cause a denial of service by triggering a NULL pointer dereference in the OSPF daemon. When the get_edge() function returns NULL and calling functions don't handle this properly, the OSPF process crashes. Network administrators using FRR for OSPF routing are affected.

📋 TL;DR

This vulnerability in FRRouting (FRR) allows attackers to cause a denial of service by triggering a NULL pointer dereference in the OSPF daemon. When the get_edge() function returns NULL and calling functions don't handle this properly, the OSPF process crashes. Network administrators using FRR for OSPF routing are affected.

💻 Affected Systems

Products:

FRRouting (FRR)

Versions: All versions through 9.1

Operating Systems: Linux, FreeBSD, Other Unix-like systems running FRR

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with OSPF enabled and using Traffic Engineering extensions

📦 What is this software?

Frrouting by Frrouting

View all CVEs affecting Frrouting →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete disruption of OSPF routing, causing network outages and traffic blackholing across the affected network segment

🟠

Likely Case

OSPF daemon crashes repeatedly, causing intermittent routing instability and requiring manual process restarts

🟢

If Mitigated

Limited to single OSPF instance disruption if proper segmentation and redundancy are in place

🌐 Internet-Facing: MEDIUM - OSPF is typically internal, but could be exposed at network boundaries

🏢 Internal Only: HIGH - OSPF is core to internal routing, crashes can disrupt entire network

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW - Requires sending specially crafted OSPF packets

Exploitation requires network access to OSPF port 89, but no authentication

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.2 and later, or apply commit 34d704fb0ea60dc5063af477a2c11d4884984d4f

Vendor Advisory: https://github.com/FRRouting/frr/pull/15674

Restart Required: Yes

Instructions:

1. Update FRR to version 9.2 or later. 2. Restart the OSPF daemon (ospfd). 3. Verify OSPF adjacency re-establishes.

🔧 Temporary Workarounds

Disable OSPF Traffic Engineering

linux

Remove Traffic Engineering extensions from OSPF configuration

vtysh -c 'configure terminal' -c 'router ospf' -c 'no mpls-te'

Implement OSPF authentication

linux

Add MD5 authentication to OSPF to prevent unauthorized packets

vtysh -c 'configure terminal' -c 'router ospf' -c 'area 0 authentication message-digest'

🧯 If You Can't Patch

Implement strict network segmentation to limit OSPF traffic to trusted sources only
Deploy network monitoring to detect OSPF daemon crashes and implement automatic restart scripts

🔍 How to Verify

Check if Vulnerable:

Check FRR version: vtysh -c 'show version' | grep -i frr

Check Version:

vtysh -c 'show version'

Verify Fix Applied:

Verify version is 9.2+ and check OSPF daemon stability: systemctl status frr or ps aux | grep ospfd

📡 Detection & Monitoring

Log Indicators:

OSPF daemon crash messages in /var/log/frr/ospfd.log
Repeated OSPF process restarts in system logs

Network Indicators:

Unusual OSPF packet patterns on port 89
OSPF adjacency flapping

SIEM Query:

source="/var/log/frr/ospfd.log" AND "segmentation fault" OR "core dumped"

📊 Metadata

CVE ID: CVE-2024-34088

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

Published: April 30, 2024

Last Updated: May 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-34088, you might also want to check these: