CVE-2022-43681

An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition.
References
Link Resource
https://forescout.com Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html Mailing List Third Party Advisory
https://www.debian.org/security/2023/dsa-5495 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

History

16 Feb 2024, 18:20

Type Values Removed Values Added
References (DEBIAN) https://www.debian.org/security/2023/dsa-5495 - (DEBIAN) https://www.debian.org/security/2023/dsa-5495 - Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html - (MLIST) https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html - Mailing List, Third Party Advisory
CPE cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
First Time Debian
Debian debian Linux

19 Sep 2023, 22:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html -

12 Sep 2023, 00:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2023/dsa-5495 -

Information

Published : 2023-05-03 12:16

Updated : 2024-02-28 20:13


NVD link : CVE-2022-43681

Mitre link : CVE-2022-43681

CVE.ORG link : CVE-2022-43681


JSON object : View

Products Affected

debian

  • debian_linux

frrouting

  • frrouting
CWE
CWE-125

Out-of-bounds Read