Gratis scannen
Analyse in behandelingCVE-2026-28532

CVE-2026-28532: Integer Overflow in FRRouting

Platform

linux

Component

frr

Opgelost in

10.5.4

Bekijk op NVD
Opslaan

CVE-2026-28532 describes an integer overflow vulnerability discovered in FRRouting, a routing protocol daemon. This flaw allows attackers with an established OSPF adjacency to send malicious packets, potentially leading to denial of service and system crashes. The vulnerability affects FRRouting versions from 0.0.0 up to and including 10.5.3, and a patch is available in version 10.5.4.

Impact en Aanvalsscenarios

CVE-2026-28532 in FRRouting (FRR) affects versions prior to 10.5.3. This vulnerability is an integer overflow occurring in seven OSPF Traffic Engineering and Segment Routing TLV parser functions. The issue stems from a uint16t accumulator variable truncating uint32t values returned by the TLV_SIZE() macro, causing the loop termination condition to fail while pointer advancement continues unchecked. An attacker with an established OSPF adjacency can send a crafted LS Update packet with a malicious Type 10 or Type 11 Opaque LSA to trigger out-of-bounds memory reads, potentially leading to denial of service or arbitrary code execution.

Uitbuitingscontext

Exploitation of this vulnerability requires an attacker to have an established OSPF adjacency with the vulnerable device. This means the attacker must be able to participate in the OSPF protocol with the device. The attacker can then send specially crafted LS Update packets containing a malicious Type 10 or Type 11 Opaque LSA. The complexity of exploitation depends on the attacker's ability to create valid OSPF packets and manipulate relevant fields to trigger the integer overflow. The severity of the vulnerability is exacerbated by the fact that OSPF is a widely used protocol in enterprise and service provider networks.

Dreigingsinformatie

Exploit Status

Proof of ConceptOnbekend
CISA KEVNO
InternetblootstellingGemiddeld

EPSS

0.02% (5% percentiel)

CVSS-vector

DREIGINGSINFORMATIE· CVSS 3.1CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H6.5MEDIUMAttack VectorAdjacentHoe de aanvaller het doel bereiktAttack ComplexityLowVereiste omstandigheden om te exploiterenPrivileges RequiredNoneVereist authenticatieniveau voor aanvalUser InteractionNoneOf het slachtoffer actie moet ondernemenScopeUnchangedImpact buiten het getroffen onderdeelConfidentialityNoneRisico op blootstelling van gevoelige dataIntegrityNoneRisico op ongeautoriseerde gegevenswijzigingAvailabilityHighRisico op verstoring van dienstennextguardhq.com · CVSS v3.1 Basisscore
Wat betekenen deze metrics?
Attack Vector
Aangrenzend — netwerknabijheid vereist: zelfde LAN, Bluetooth of lokaal draadloos segment.
Attack Complexity
Laag — geen speciale voorwaarden vereist. Betrouwbaar uitbuitbaar.
Privileges Required
Geen — geen authenticatie vereist om te exploiteren.
User Interaction
Geen — automatische en stille aanval. Slachtoffer doet niets.
Scope
Ongewijzigd — impact beperkt tot het kwetsbare component.
Confidentiality
Geen — geen vertrouwelijkheidsimpact.
Integrity
Geen — geen integriteitsimpact.
Availability
Hoog — volledige crash of uitputting van resources. Totale denial of service.

Getroffen Software

Componentfrr
LeverancierFRRouting
Minimumversie0.0.0
Maximumversie10.5.3
Opgelost in10.5.4

Zwakheidsclassificatie (CWE)

CWE-190CWE-125

Tijdlijn

  1. Gepubliceerd
  2. Gewijzigd
  3. EPSS bijgewerkt

Mitigatie en Workarounds

The primary mitigation for CVE-2026-28532 is to upgrade FRRouting to version 10.5.4 or later. This version includes a fix that addresses the integer overflow and prevents the vulnerability. Additionally, review and harden network access control policies to limit attackers' ability to inject malicious OSPF packets. Monitoring OSPF traffic for unusual patterns can also help detect and respond to potential attacks. If an immediate upgrade isn't possible, consider temporary mitigation measures, although these may impact network performance.

Hoe te verhelpenwordt vertaald…

Actualice a la versión 10.5.4 o posterior de FRRouting para mitigar la vulnerabilidad de desbordamiento de enteros. Esta actualización corrige el problema truncando correctamente los valores uint32_t antes de usarlos en los cálculos, evitando así la condición de terminación del bucle fallida y las lecturas de memoria fuera de límites.

Veelgestelde vragen

Wat is CVE-2026-28532 — Integer Overflow in FRRouting?

An Opaque LSA is a type of OSPF message used to carry non-standard information. In this case, it's used to transport malicious data that can trigger the vulnerability.

Ben ik getroffen door CVE-2026-28532 in FRRouting?

It means the program attempts to access a memory location that is unallocated or outside the permitted boundaries, potentially causing a system crash or allowing malicious code execution.

Hoe los ik CVE-2026-28532 in FRRouting op?

Check the FRRouting version you are using. If it's prior to 10.5.3, it is vulnerable. You can also perform penetration testing to identify potential vulnerabilities.

Wordt CVE-2026-28532 actief misbruikt?

While not ideal, consider hardening network access control policies and monitoring OSPF traffic for anomalies.

Waar vind ik het officiële FRRouting-beveiligingsadvies voor CVE-2026-28532?

A successful attack could result in denial of service, system compromise, or even arbitrary code execution, depending on the system configuration and attacker capabilities.

Is jouw project getroffen?

Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.

Gratis scannenCVEs zoeken
livefree scan

Probeer het nu — geen account

Upload een manifest (composer.lock, package-lock.json, WordPress pluginlijst…) of plak uw componentenlijst. U ontvangt direct een kwetsbaarheidsrapport. Een bestand uploaden is slechts het begin: met een account krijgt u continue monitoring, Slack/e-mail alerts, multi-project en white-label rapporten.

Manual scanSlack/email alertsscanZone.capMonitorWhite-label reports

Sleep uw afhankelijkheidsbestand hierheen

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...