PT-2022-6596 · Frrouting+4

Published 2022-11-21 · Updated 2024-04-03 · CVE-2022-40318

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

FRRouting versions through 8.4

Description

An issue in the bgpd component of FRRouting allows attackers to cause a denial of service by crafting a BGP OPEN message with an option of type 0xff. The cause is inconsistent boundary checks in the bgp_open_option_parse function in the bgp_open.c file, which do not account for reading 3 bytes instead of 2 in this specific case. Exploitation of this issue can lead to an out-of-bounds read or to an assertion failure and daemon restart.

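An added example, not FRRouting's code and not part of the original advisory: a bounds-checked walk over the OPEN optional parameters in which the length check uses the same header size as the reads that follow (3 bytes for the 0xff extended form, 2 otherwise). The function name, the RFC 9072 layout assumed for the extended form, and the sample bytes are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Count the optional parameters of a BGP OPEN message. buf points at the
 * Opt Parm Len octet; len is the bytes left in the message from there.
 * Returns -1 on any overrun. Hypothetical helper, not FRRouting code. */
int open_opt_params_count(const uint8_t *buf, size_t len)
{
    size_t off, end, hdr;
    int count = 0;
    if (len < 1)
        return -1;
    if (len >= 2 && buf[0] != 0 && buf[1] == 0xff) {
        /* Type 0xff: extended form with a 2-byte total length (RFC 9072). */
        if (len < 4)
            return -1;
        end = 4 + (((size_t)buf[2] << 8) | buf[3]);
        off = 4;
        hdr = 3; /* type + 2-byte length */
    } else {
        end = 1 + (size_t)buf[0];
        off = 1;
        hdr = 2; /* type + 1-byte length */
    }
    if (end > len)
        return -1;
    while (off < end) {
        size_t plen;
        if (end - off < hdr) /* same size as the reads that follow */
            return -1;
        plen = (hdr == 3) ? (((size_t)buf[off + 1] << 8) | buf[off + 2])
                          : buf[off + 1];
        off += hdr;
        if (end - off < plen)
            return -1;
        off += plen;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample: extended form, one parameter with a 2-byte value. */
    const uint8_t ok[] = {0xff, 0xff, 0x00, 0x05, 0x02, 0x00, 0x02, 0xaa, 0xbb};
    printf("%d\n", open_opt_params_count(ok, sizeof ok));
    return 0;
}
```
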
Recommendations

For FRRouting versions through 8.4, consider disabling the bgp_open_option_parse function as a temporary workaround until a patch is available. Restrict access to the bgpd daemon to minimize the risk of exploitation. Avoid processing BGP OPEN messages with the option type 0xff until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2023:6434
ALT-PU-2023-1111
BDU:2023-02672
CVE-2022-40318
DLA-3573-1
DSA-5495-1
RHSA-2023:6434
RHSA-2023_6434

Affected Products

Alt Linux
Almalinux
Frrouting
Red Hat
Red Os