CVE-2024-55553

CVE-2024-55553 is a denial-of-service vulnerability (CVSS 3.1 score of 7.5; AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; CWE-404) in FRRouting (FRR), an open-source IP routing protocol suite. It affects versions from 6.0 onward up to but excluding 10.3, specifically FRR routers using RTR (Router Trustworthiness via RPKI) for route origin validation. The issue occurs when the total size of an RTR update exceeds the internal socket buffer size, defaulting to 4KB on most operating systems, causing FRR to re-validate all routes in the Routing Information Base (RIB). This re-validation can also happen organically due to large updates.

An unauthenticated network-accessible attacker can exploit this by issuing more than 4KB of RTR updates during a typical 30-minute update interval, forcing repeated full RIB re-parsing. By continuously issuing or withdrawing large numbers of Route Origin Authorization (ROA) objects, the attacker can sustain the effect, preventing completion of re-validation on routers with large full tables that require over 30 minutes to process. This leads to degraded route handling performance across all global FRR instances using RPKI and increased BMP (BGP Monitoring Protocol) traffic to monitoring ingestors.

FRRouting's security advisory (https://frrouting.org/security/cve-2024-55553/) recommends upgrading to fixed versions 10.0.3, 10.1.2, 10.2.1, or 10.3 and later; the upstream patch is at https://github.com/FRRouting/frr/pull/17586/commits/b0800bfdf04b4fcf48504737ebfe4ba7f05268d3. Debian LTS backports are detailed in https://lists.debian.org/debian-lts-announce/2025/01/msg00023.html.