Volerion logoVolerion
Volerion logoVolerion

FRRouting NULL Pointer Dereference Vulnerability in OSPF Component Allows Denial-of-Service

Vulnerability

A NULL pointer dereference vulnerability has been identified in FRRouting (FRR) versions 4.0 through 10.4.1. The issue arises in the OSPF daemon when it processes certain opaque Link State Update packets while debugging is enabled. This vulnerability can be exploited by sending crafted OSPF packets, leading to a crash of the OSPF process and causing a Denial-of-Service condition.

Impact

Exploiting this vulnerability crashes the OSPF daemon, causing a Denial-of-Service condition on the affected router.

Reproduction

To reproduce this vulnerability, set up a network topology with two routers using Mininet. Configure both routers to run OSPF and enable the 'debug ospf packet all send/recv detail' command. When the first router (r1) sends a packet containing an opaque LSA to the second router (r0), the OSPF process on r0 will crash, demonstrating the vulnerability.

Remediation

Users can update to FRRouting version 10.4.2 or later, where this vulnerability has been fixed.

Added: Oct 27, 2025, 8:21 PM
Updated: Oct 27, 2025, 8:21 PM

Vulnerability Rating

Custom Algorithm
spread
1.0
impact
2.5
exploitability
9.7
remediation
0.0
relevance
0.8
threat
6.4
urgency
2.9
incentive
10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.