CVE-2022-36440 — Reachable Assertion in Frrouting

CWE-617 — Reachable Assertion5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 47.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian FRR Debian Linux Fedoraproject Fedora +1 more

Timeline

PublishedApr 3

Latest updateApr 4

Description

A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDfrrouting/frrouting8.3

▶debiandebian/frr< frr 8.4.1-1 (bookworm)

Also affects: Debian Linux 10.0, 11.0, 12.0, Fedora 36, 37, 38

🔴Vulnerability Details

GHSA

GHSA-cpmq-crvm-2w5p: A reachable assertion was found in Frrouting frr-bgpd 8↗2023-04-03

▶

OSV

CVE-2022-36440: A reachable assertion was found in Frrouting frr-bgpd 8↗2023-04-03

▶

📋Vendor Advisories

Red Hat

frr: Reachable assertion in peek_for_as4_capability function↗2023-04-04

▶

Debian

CVE-2022-36440: frr - A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_...↗2022

▶