An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition.
References
Link | Resource |
---|---|
https://forescout.com | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html | Mailing List Third Party Advisory |
https://www.debian.org/security/2023/dsa-5495 | Third Party Advisory |
Configurations
History
16 Feb 2024, 18:20
Type | Values Removed | Values Added |
---|---|---|
References | (DEBIAN) https://www.debian.org/security/2023/dsa-5495 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
|
First Time |
Debian
Debian debian Linux |
19 Sep 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Sep 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2023-05-03 12:16
Updated : 2024-02-28 20:13
NVD link : CVE-2022-43681
Mitre link : CVE-2022-43681
CVE.ORG link : CVE-2022-43681
JSON object : View
Products Affected
frrouting
- frrouting
debian
- debian_linux
CWE
CWE-125
Out-of-bounds Read