Reachable Assertion in Frrouting BGP Daemon by FRRouting
CVE-2022-36440

7.5HIGH

Key Information:

Vendor: Frrouting
Status: Frrouting
Vendor: CVE Published:; 3 April 2023

What is CVE-2022-36440?

A reachable assertion vulnerability has been identified in the FRRouting BGP daemon (frr-bgpd) version 8.3.0. This flaw is located within the peek_for_as4_capability function, where attackers can craft malicious BGP open packets and transmit them to BGP peers running the affected software. Successful exploitation could lead to denial-of-service (DoS) conditions, impacting network reliability and performance.

References

https://github.com/spwpun/pocs

https://github.com/spwpun/pocs/blob/main/frr-bgpd.md

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 3, 2023
Vulnerability Reserved
Jul 25, 2022