CVE-2022-37035
02.08.2022, 23:15
An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| frrouting | frrouting | 8.3 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| frr |
| ||||||||||||
| frr-devel |
| ||||||||||||
| libfrr0 |
| ||||||||||||
| libfrr_pb0 |
| ||||||||||||
| libfrrcares0 |
| ||||||||||||
| libfrrfpm_pb0 |
| ||||||||||||
| libfrrgrpc_pb0 |
| ||||||||||||
| libfrrospfapiclient0 |
| ||||||||||||
| libfrrsnmp0 |
| ||||||||||||
| libfrrzmq0 |
| ||||||||||||
| libmgmt_be_nb0 |
| ||||||||||||
| libmlag_pb0 |
|
References