CVE-2022-43681
frr: out-of-bounds read exists in the BGP daemon of FRRouting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition.
Existe una lectura fuera de los límites en el daemon BGP de FRRouting FRR hasta 8.4. Al enviar un mensaje BGP OPEN con formato incorrecto que termina con el octeto de longitud de la opción (o la palabra de longitud de la opción, en el caso de un mensaje OPEN extendido), el código FRR se lee fuera de los límites del paquete, lanzando una señal SIGABRT y saliendo. Esto da como resultado un reinicio del daemon bgpd, lo que provoca una condición de Denegación de Servicio (DoS).
An out-of-bounds read flaw exists in the BGP daemon of FRRouting. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads out of the bounds of the packet, throwing a SIGABRT signal and exiting. This issue results in a bgpd daemon restart, causing a denial of service.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-10-24 CVE Reserved
- 2023-05-03 CVE Published
- 2024-05-09 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://forescout.com | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.debian.org/security/2023/dsa-5495 | 2024-02-16 | |
https://access.redhat.com/security/cve/CVE-2022-43681 | 2023-11-07 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2196088 | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Frrouting Search vendor "Frrouting" | Frrouting Search vendor "Frrouting" for product "Frrouting" | <= 8.4 Search vendor "Frrouting" for product "Frrouting" and version " <= 8.4" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 12.0 Search vendor "Debian" for product "Debian Linux" and version "12.0" | - |
Affected
|