NULL Pointer Dereference
CVE-2024-34088
Summary
In FRRouting (FRR), the "get_edge()" function in "ospf_te.c" within the OSPF daemon can return a NULL pointer. If calling functions fail to handle this NULL value, the OSPF daemon may crash, resulting in a Denial of Service (DoS). The vulnerability affects versions prior to 8.4.4, 8.5.x prior to 8.5.5, 9.0.x prior to 9.0.3, 9.1.x prior to 9.1.1, 9.2.x prior to 10.0.1, and 10.x prior to 10.0.1.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.