📄 Description (English)
FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16_t accumulator variable truncates uint32_t values returned by the TLV_SIZE() macro, causing the loop termination condition to fail while pointer advancement continues unchecked. Attackers with an established OSPF adjacency can send a crafted LS Update packet with a malicious Type 10 or Type 11 Opaque LSA to trigger out-of-bounds memory reads and crash all affected routers in the OSPF area or autonomous system.
🤖 AI Executive Summary
FRRouting versions before 10.5.3 contain a critical integer overflow vulnerability in OSPF Traffic Engineering and Segment Routing TLV parser functions that allows authenticated attackers to crash routers via malicious Type 10/11 Opaque LSA packets. This vulnerability affects core routing infrastructure across Saudi Arabia's telecommunications and energy sectors, potentially causing widespread network disruptions. The vulnerability requires established OSPF adjacency but poses significant risk to internal network stability and availability.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 12, 2026 19:37
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi Arabia's critical infrastructure, particularly: (1) STC and other telecom operators relying on OSPF for backbone routing - potential for nationwide service disruptions; (2) ARAMCO and energy sector networks using OSPF for SCADA/industrial control systems - could impact oil/gas operations; (3) Government networks and NCA infrastructure utilizing OSPF for inter-agency communications; (4) Banking sector networks (SAMA-regulated) using OSPF for secure inter-bank connectivity. The vulnerability requires OSPF adjacency, limiting exposure to internal network threats and compromised routing peers, but impact scope is severe given the critical nature of affected infrastructure.
🏢 Affected Saudi Sectors
Telecommunications (STC, Mobily, Zain)
Energy (ARAMCO, power utilities)
Government (NCA, ministries)
Banking (SAMA-regulated institutions)
Healthcare (hospital networks)
Education (university networks)
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.8
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Verify FRRouting version across all routers: 'vtysh -c "show version"'
2. Identify all OSPF adjacencies and document trusted peers
3. Implement strict OSPF authentication (MD5/SHA) on all adjacencies if not already enabled
4. Enable OSPF packet logging to detect malicious LSA packets
PATCHING GUIDANCE:
1. Upgrade to FRRouting 10.5.3 or later when available
2. Contact vendor for interim security patches if upgrade timeline exceeds 30 days
3. Test patches in isolated lab environment before production deployment
4. Plan maintenance windows for router updates to minimize service impact
COMPENSATING CONTROLS (until patch available):
1. Implement strict OSPF authentication: 'area X authentication message-digest' + 'area X range X.X.X.X X.X.X.X cost X'
2. Restrict OSPF adjacency formation to known, trusted routers only
3. Implement access control lists (ACLs) to limit OSPF traffic (UDP 520) to authorized sources
4. Monitor router CPU and memory utilization for anomalies indicating DoS attempts
5. Enable OSPF graceful restart capability for faster recovery from crashes
6. Implement redundant routing paths to mitigate single router failures
DETECTION RULES:
1. Monitor for Type 10/11 Opaque LSA packets with abnormal TLV sizes
2. Alert on unexpected router crashes or OSPF adjacency flaps
3. Monitor for OSPF packets from unexpected sources
4. Track router memory/CPU spikes correlating with OSPF packet receipt
5. Implement IDS signatures for malformed OSPF TLV structures
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. التحقق من إصدار FRRouting عبر جميع أجهزة التوجيه: 'vtysh -c "show version"'
2. تحديد جميع تجاورات OSPF وتوثيق الأقران الموثوقين
3. تنفيذ مصادقة OSPF صارمة (MD5/SHA) على جميع التجاورات إن لم تكن مفعلة
4. تفعيل تسجيل حزم OSPF للكشف عن حزم LSA الضارة
إرشادات التصحيح:
1. الترقية إلى FRRouting 10.5.3 أو إصدار أحدث عند توفره
2. الاتصال بالمورد للحصول على تصحيحات أمان مؤقتة إذا تجاوزت مدة الترقية 30 يوماً
3. اختبار التصحيحات في بيئة معملية معزولة قبل النشر الإنتاجي
4. التخطيط لنوافذ الصيانة لتحديثات أجهزة التوجيه لتقليل تأثير الخدمة
الضوابط البديلة (حتى توفر التصحيح):
1. تنفيذ مصادقة OSPF صارمة: 'area X authentication message-digest'
2. تقييد تشكيل تجاور OSPF للأجهزة الموثوقة المعروفة فقط
3. تنفيذ قوائم التحكم في الوصول (ACLs) لتحديد حركة OSPF (UDP 520) للمصادر المصرح بها
4. مراقبة استخدام CPU والذاكرة في أجهزة التوجيه للكشف عن الشذوذ
5. تفعيل إعادة التشغيل الرشيقة لـ OSPF للتعافي السريع من الأعطال
6. تنفيذ مسارات توجيه زائدة للتخفيف من أعطال جهاز التوجيه الفردي
قواعد الكشف:
1. مراقبة حزم Opaque LSA من النوع 10/11 بأحجام TLV غير طبيعية
2. التنبيه على أعطال أجهزة التوجيه غير المتوقعة أو تقلبات تجاور OSPF
3. مراقبة حزم OSPF من مصادر غير متوقعة
4. تتبع ارتفاعات ذاكرة/CPU في أجهزة التوجيه المرتبطة باستقبال حزم OSPF
5. تنفيذ توقيعات IDS لهياكل OSPF TLV المشوهة
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.12.6.1 - Management of technical vulnerabilities
ECC 2024 A.12.6.2 - Restrictions on software installation
ECC 2024 A.14.2.1 - Information security requirements analysis and specification
ECC 2024 A.8.2.3 - Segregation of duties
🔵 SAMA CSF
ID.RA-1 - Asset management and criticality assessment
PR.IP-12 - Software development and acquisition security
DE.CM-1 - Network monitoring and anomaly detection
RS.RP-1 - Response and recovery planning
🟡 ISO 27001:2022
A.12.2.1 - Monitoring and review of information systems
A.12.6.1 - Management of technical vulnerabilities
A.14.2.1 - Information security requirements
A.8.2.3 - Segregation of duties
🔗 References & Sources 4
🔗
https://github.com/FRRouting/frr/commit/f098decf02987fbf1c891766c1516ac832adadfd
disclosure@vulncheck.com
Patch
🔗
https://github.com/FRRouting/frr/pull/21002
disclosure@vulncheck.com
Issue Tracking
Patch
🔗
https://github.com/FRRouting/frr/releases/tag/frr-10.5.3
disclosure@vulncheck.com
Release Notes
🔗
https://www.vulncheck.com/advisories/frrouting-integer-overflow-in-ospf-tlv-parser-func...
disclosure@vulncheck.com
Third Party Advisory
📦 Affected Products / CPE 1 entries
frrouting:frrouting