CVE-2022-26125Improper Restriction of Operations within the Bounds of a Memory Buffer in Frrouting

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-1284Improper Validation of Specified Quantity in Input5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 74.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian FRRFrrouting
Timeline
PublishedMar 3
Latest updateMar 4

Description

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5frrouting/frroutingthrough 8.1.0
debiandebian/frr< frr 8.4.1-1 (bookworm)

🔴Vulnerability Details

2
GHSA
GHSA-9hg8-8wq3-mhhg: Buffer overflow vulnerabilities exist in FRRouting through 82022-03-04
OSV
CVE-2022-26125: Buffer overflow vulnerabilities exist in FRRouting through 82022-03-03

📋Vendor Advisories

2
Red Hat
frrouting: overflow bugs in unpack_tlv_router_cap2022-02-06
Debian
CVE-2022-26125: frr - Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong ch...2022