CVE-2022-40302 — Out-of-bounds Read in Frrouting

CWE-125 — Out-of-bounds Read CWE-400 — Uncontrolled Resource Consumption10 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 61.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian FRR Frrouting Debian Linux

Timeline

PublishedMay 3

Description

An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDfrrouting/frrouting8.4

▶debiandebian/frr< frr 8.4.1-1 (bookworm)

Also affects: Debian Linux 10.0, 11.0, 12.0

🔴Vulnerability Details

OSV

CVE-2022-40302: An issue was discovered in bgpd in FRRouting (FRR) through 8↗2023-05-03

▶

GHSA

GHSA-j7hm-p94x-q9pw: An issue was discovered in bgpd in FRRouting (FRR) through 8↗2023-05-03

▶

OSV

CVE-2022-40318: An issue was discovered in bgpd in FRRouting (FRR) through 8↗2023-05-03

▶

GHSA

GHSA-9rqq-99cf-35g5: An issue was discovered in bgpd in FRRouting (FRR) through 8↗2023-05-03

▶

📋Vendor Advisories

Red Hat

frr: denial of service by crafting a BGP OPEN message with an option of type 0xff↗2023-05-03

▶

Red Hat

frr: denial of service by crafting a BGP OPEN message with an option of type in bgp_open_option_parse in the bgp_open.c 0xff↗2023-05-03

▶

Debian

CVE-2022-40318: frr - An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BG...↗2022

▶

Debian

CVE-2022-40302: frr - An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BG...↗2022

▶