CVE-2022-40318Uncontrolled Resource Consumption in Frrouting

CWE-400Uncontrolled Resource ConsumptionCWE-125Out-of-bounds Read5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 67.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Debian FRRFrroutingDebian Linux
Timeline
PublishedMay 3

Description

An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a diffe

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

debiandebian/frr< frr 8.4.1-1 (bookworm)

Also affects: Debian Linux 10.0, 11.0, 12.0

🔴Vulnerability Details

2
OSV
CVE-2022-40318: An issue was discovered in bgpd in FRRouting (FRR) through 82023-05-03
GHSA
GHSA-9rqq-99cf-35g5: An issue was discovered in bgpd in FRRouting (FRR) through 82023-05-03

📋Vendor Advisories

2
Red Hat
frr: denial of service by crafting a BGP OPEN message with an option of type in bgp_open_option_parse in the bgp_open.c 0xff2023-05-03
Debian
CVE-2022-40318: frr - An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BG...2022