ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) up to and including 9.1 allows remote malicious users to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.