CVE-2025-61100: 
Linux Debian vulnerability analysis and mitigation

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability was discovered in October 2025 and affects the OSPF component of FRRouting (NVD).

The vulnerability occurs when the command 'debug ospf packet all send/recv detail' is enabled in the OSPF configuration. The original Opaque LSA handling code failed to check whether the VTY context and show_opaque_info were available, resulting in NULL pointer dereference and crashes in ospfd. The issue specifically manifests when ospfd processes an LS Update packet containing an opaque LSA (FRR Issue). The vulnerability has been assigned a CVSS v3.1 base score of 7.5 HIGH with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions. When exploited, it can cause the ospfd daemon to crash, disrupting the routing functionality (NVD).

A patch has been developed that adds security checks for the VTY context and pointers related to Opaque LSAs dumping. The fix includes proper NULL checks for functab, functab->show_opaque_info, and lsa.data. If the VTY context is unavailable, the patch ensures that the packet details are logged using zlog instead (FRR Pull).