CVE-2022-37035

EUVD-2022-39689
An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
frroutingfrrouting
8.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
frr
bookworm
8.4.4-1.1~deb12u1
fixed
bookworm (security)
8.4.4-1.1~deb12u1
fixed
bullseye
vulnerable
bullseye (security)
7.5.1-1.1+deb11u3
fixed
sid
10.1.1-0.1
fixed
trixie
10.1.1-0.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
frr
bionic
dne
focal
Fixed 7.2.1-1ubuntu0.2+esm2
released
jammy
Fixed 8.1-1ubuntu1.2
released
kinetic
Fixed 8.1-1ubuntu3
released
lunar
Fixed 8.1-1ubuntu3
released
mantic
Fixed 8.1-1ubuntu3
released
noble
Fixed 8.1-1ubuntu3
released
trusty
dne
xenial
dne
Common Weakness Enumeration
References
https://docs.google.com/document/d/1TqYEcZbFeDTMKe2N4XRFwyAjw_mynIHfvzwbx1fmJj8/edit?usp=sharing
https://github.com/FRRouting/frr/issues/11698
https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html
https://docs.google.com/document/d/1TqYEcZbFeDTMKe2N4XRFwyAjw_mynIHfvzwbx1fmJj8/edit?usp=sharing
https://github.com/FRRouting/frr/issues/11698
https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html
https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html