PT-2022-4283 · Frrouting+4 · Frrouting+4
Published
2022-08-02
·
Updated
2024-09-03
·
CVE-2022-37035
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
FRRouting (FRR) version 8.3
Description
A possible use-after-free due to a race condition was discovered in the bgpd component of FRRouting. This issue affects the
bgp notify send with data() and bgp process packet() functions in bgp packet.c. It could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.Recommendations
For FRRouting (FRR) version 8.3, as a temporary workaround, consider disabling the
bgp notify send with data() and bgp process packet() functions until a patch is available. Restrict access to the bgp packet.c module to minimize the risk of exploitation. Avoid using crafted BGP packets in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
RCE
Use After Free
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Frrouting
Linuxmint
Red Os
Suse
Ubuntu