CVE-2022-43681

An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
VendorProductVersion
frroutingfrrouting
𝑥
≤ 8.4
debiandebian_linux
10.0
debiandebian_linux
11.0
debiandebian_linux
12.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
frr
bullseye
7.5.1-1.1+deb11u2
fixed
bullseye (security)
7.5.1-1.1+deb11u3
fixed
bookworm
8.4.4-1.1~deb12u1
fixed
bookworm (security)
8.4.4-1.1~deb12u1
fixed
sid
10.1.1-0.1
fixed
trixie
10.1.1-0.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
frr
lunar
not-affected
kinetic
not-affected
jammy
not-affected
focal
not-affected
bionic
dne
xenial
ignored
trusty
ignored
Common Weakness Enumeration
References
https://forescout.com
https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html
https://www.debian.org/security/2023/dsa-5495
https://forescout.com
https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html
https://www.debian.org/security/2023/dsa-5495