From 92e887e7d95b125860c4ba1adf040467a255d80d Mon Sep 17 00:00:00 2001
From: Tobias Fiebig <tobias+github@fiebig.nl>
Date: Tue, 7 Jan 2025 10:16:26 +0100
Subject: [PATCH] Improve GHSA-hrrq-wpmq-47mf

---
 .../GHSA-hrrq-wpmq-47mf.json                  | 45 ++++++++++++++++---
 1 file changed, 39 insertions(+), 6 deletions(-)

diff --git a/advisories/unreviewed/2025/01/GHSA-hrrq-wpmq-47mf/GHSA-hrrq-wpmq-47mf.json b/advisories/unreviewed/2025/01/GHSA-hrrq-wpmq-47mf/GHSA-hrrq-wpmq-47mf.json
index 92d2fecb466b3..6296898068b72 100644
--- a/advisories/unreviewed/2025/01/GHSA-hrrq-wpmq-47mf/GHSA-hrrq-wpmq-47mf.json
+++ b/advisories/unreviewed/2025/01/GHSA-hrrq-wpmq-47mf/GHSA-hrrq-wpmq-47mf.json
@@ -1,31 +1,64 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hrrq-wpmq-47mf",
-  "modified": "2025-01-07T00:31:40Z",
+  "modified": "2025-01-07T00:31:49Z",
   "published": "2025-01-07T00:31:40Z",
   "aliases": [
     "CVE-2024-55553"
   ],
-  "details": "In FRRouting (FRR) before 10.3, it is possible for an attacker to trigger repeated RIB revalidation by sending approximately 500 RPKI updates, potentially leading to prolonged revalidation times and a Denial of Service (DoS) scenario.",
-  "severity": [],
-  "affected": [],
+  "summary": "FRRouting (FRR) 10.3 revalidates the full routing-table when receiving more than ~300 RTR PDUs in an update",
+  "details": "In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. This can be used by an attacker to trigger re-parsing of the RIB for FRR routers using RTR by causing more than this number of updates during an update interval (usually 30 minutes). Additionally, this effect regularly occurs organically.\n\nFurthermore, an attacker can use this to continuously trigger route validation. Given that routers with large full-tables may need more than 30 minutes to fully re-validate the table, continuous issuance/withdrawal of large numbers of ROA may be used to impact route handling performance of all FRR instances using RPKI globally.\n\nAdditionally, the re-validation will cause heightened BMP traffic to ingestors.\n\nAffected Versions: FRRouting <6.0\nFixed Versions: 10.0.3, 10.1.2, 10.2.1, 10.3",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": ""
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55553"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/FRRouting/frr/issues/17533"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/FRRouting/frr/pull/17586/commits/b0800bfdf04b4fcf48504737ebfe4ba7f05268d3"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/FRRouting/frr/commit/4ce826764487b07c2bc3f2bf0f1986001afd93c0"
+    },
     {
       "type": "WEB",
       "url": "https://frrouting.org/security/cve-2024-55553"
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-01-06T23:15:07Z"