CVE-2022-37035
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 2
Exploited in Wild: -
Decision
Descriptions
An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-07-29 CVE Reserved
- 2022-08-02 CVE Published
- 2024-04-28 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html | Mailing List | |
URL | Date | SRC |
---|---|---|
https://docs.google.com/document/d/1TqYEcZbFeDTMKe2N4XRFwyAjw_mynIHfvzwbx1fmJj8/edit?usp=sharing | 2024-08-03 | |
https://github.com/FRRouting/frr/issues/11698 | 2024-08-03 | |