CVE-2022-37032

CVSS v2.0

9.4

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions FRRouting FRR versions prior to 8.4

Description The issue is related to an out-of-bounds read in the BGP daemon of FRRouting FRR. This can lead to a segmentation fault and denial of service. The problem occurs in the bgp capability msg parse function in bgpd/bgp packet.c.

Recommendations For versions prior to 8.4, update to version 8.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the BGP daemon to minimize the risk of exploitation.

Exploit

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2023:2202

ALSA-2023:2801

ALSA-2023_2202

ALSA-2023_2801

ALSA-2023_5194

ALSA-2023_5219

ALSA-2023_6434

ALSA-2024_0130

ALSA-2024_0477

ALSA-2024_2156

ALSA-2024_2981

ALT-PU-2023-1111

BDU:2024-04437

CESA-2023_2801

CVE-2022-37032

DLA-3211-1

DSA-5362-1

ELSA-2023-2202

ELSA-2023-2801

OPENSUSE-SU-2022_3246-1

OPENSUSE-SU-2024:12307-1

OPENSUSE-SU-2024_3478-1

RHSA-2023:2202

RHSA-2023:2801

RHSA-2023_2202

RHSA-2023_2801

SUSE-SU-2022:3246-1

SUSE-SU-2022_3246-1

SUSE-SU-2024:3426-1

SUSE-SU-2024:3433-1

SUSE-SU-2024:3478-1

SUSE-SU-2024_3426-1

SUSE-SU-2024_3433-1

SUSE-SU-2024_3478-1

USN-5685-1

USN-6482-1

USN-6807-1

Affected Products

Alt Linux

Almalinux

Centos

Frrouting Frr

Linuxmint

Red Hat

Red Os

Suse

Ubuntu

CVE-2022-37032

Weakness Enumeration

Related Identifiers

Affected Products

References · 77