CVE-2022-36440

Name of the Vulnerable Software and Affected Versions Frrouting frr-bgpd version 8.3.0

Description A reachable assertion was found in the peek for as4 capability function, which can be exploited by attackers to maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in a denial of service. The issue is related to the insufficient use of the assert() function. This can allow a remote attacker to cause a service disruption.

Recommendations For Frrouting frr-bgpd version 8.3.0, as a temporary workaround, consider disabling the peek for as4 capability function until a patch is available. Restrict access to the BGP peers to minimize the risk of exploitation. Avoid using the vulnerable function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.