{
  "threat_severity" : "Moderate",
  "public_date" : "2025-10-28T00:00:00Z",
  "bugzilla" : {
    "description" : "frr: NULL pointer dereference in show_vty_ext_link_lan_adj_sid() in ospf_ext.c",
    "id" : "2406814",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2406814"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.9",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-476",
  "details" : [ "FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.", "A flaw was found in frr. When the OSPF daemon (ospfd) is configured with the debug command \"debug ospf packet all send/recv detail\", it attempts to print detailed information about OSPF packets. However, a specially crafted OSPF packet can trigger a NULL pointer dereference in the show_vty_ext_link_lan_adj_sid function in the ospf_ext.c file, causing the OSPF process to crash and resulting in a denial of service." ],
  "statement" : "A very specific and non-default runtime configuration is required to exploit this flaw. The vulnerable code is only reachable when OSPF detailed packet debugging is enabled (debug ospf packet all send/recv detail), which is typically used for temporary diagnostic purposes and not in production environments. In normal operation, the affected function is not invoked, thereby significantly reducing exposure.\nFurthermore, this flaw can trigger a NULL pointer dereference, causing a crash of the ospfd process without memory corruption or any other security impact.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "frr",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "frr",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "frr",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-61103\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-61103\nhttps://github.com/FRRouting/frr/issues/19471\nhttps://github.com/FRRouting/frr/pull/19480\nhttps://github.com/FRRouting/frr/pull/19480/commits/fdd957408605d4a1766225630aafc7e6b7c3daf3\nhttps://github.com/s1awwhy/BugList/blob/main/CVE-2025-61103.md" ],
  "name" : "CVE-2025-61103",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}