CVE-2022-26125
frrouting: overflow bugs in unpack_tlv_router_cap
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c.
Se presentan vulnerabilidades de desbordamiento del búfer en FRRouting versiones hasta 8.1.0, debido a comprobaciones erróneas de la longitud del paquete de entrada en el archivo isisd/isis_tlvs.c
frrouting is vulnerable to a flaw that can cause buffer overflow through due to incorrect checks on the input packet length when processing type-length-value packets. There is high impact to availability due to the fact that the process up-time can be made unreliable.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-02-25 CVE Reserved
- 2022-03-03 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-10-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-1284: Improper Validation of Specified Quantity in Input
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html | Mailing List |
URL | Date | SRC |
---|---|---|
https://github.com/FRRouting/frr/issues/10507 | 2024-08-03 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2022-26125 | 2022-11-15 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2058628 | 2022-11-15 |