Denial of Service Vulnerability in FRRouting Network Software
CVE-2022-40318
6.5 MEDIUM
What is CVE-2022-40318?
CVE-2022-40318 is a denial-of-service vulnerability in bgpd, the BGP daemon of FRRouting (FRR). An attacker positioned as a BGP peer can send a crafted BGP OPEN message whose optional parameters use the extended-length format of RFC 9072, signalled by an Optional Parameters Length of 255 followed by an option type of 0xff and a two-octet extended length. The OPEN option parser does not consistently account for the extra bytes this format adds (the 0xff type byte and the two-octet length), so its boundary checks disagree with the offsets it actually reads from. The result is either an assertion failure that restarts the daemon, dropping every BGP session it holds, or an out-of-bounds read. Operators should upgrade to a fixed FRR release and, until then, restrict who can reach the BGP listener (peer filtering on TCP/179, TTL security, TCP MD5 or TCP-AO) so that only intended neighbors can deliver OPEN messages.
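The bug class here is a length-prefixed format parsed with two views of where the data starts. The following parser is an added example written for this page, not FRR's own bgp_open.c code: it decodes both the classic RFC 4271 optional-parameter layout and the RFC 9072 extended layout, applies the 3-byte skip (0xff type byte plus two-octet length) in exactly one place, and checks every length field against the bytes that remain before using it. The builder, the sample capabilities (MP-BGP IPv4 unicast and a 4-byte AS number) and the three malformed variants are all constructed for the demonstration.

```python
import struct

# Added example: a bounds-checked BGP OPEN parser that understands RFC 9072.
# Constants below follow RFC 4271 / RFC 5492 / RFC 9072; nothing is FRR code.
BGP_MARKER = b"\xff" * 16
BGP_HEADER_LEN = 19
BGP_OPEN_MIN_LEN = 29          # header + version, AS, hold time, identifier, opt param len
BGP_MSG_OPEN = 1
OPT_PARAM_CAPABILITIES = 2
EXT_OPT_PARAMS = 0xFF          # RFC 9072: Non-Ext OP Len = 255 and Non-Ext OP Type = 255
CAP_MP = 1
CAP_AS4 = 65


class OpenParseError(ValueError):
    """Raised instead of ever reading outside the message buffer."""


def parse_capabilities(value):
    """Split a Capabilities optional parameter (RFC 5492) into (code, data) pairs."""
    caps, pos = [], 0
    while pos < len(value):
        if pos + 2 > len(value):
            raise OpenParseError("truncated capability header")
        code, clen = value[pos], value[pos + 1]
        pos += 2
        if pos + clen > len(value):
            raise OpenParseError("capability length %d exceeds parameter" % clen)
        caps.append((code, bytes(value[pos:pos + clen])))
        pos += clen
    return caps


def parse_open(msg):
    """Return the OPEN fields plus decoded optional parameters, or raise OpenParseError."""
    if len(msg) < BGP_OPEN_MIN_LEN:
        raise OpenParseError("message shorter than minimum OPEN")
    if msg[:16] != BGP_MARKER:
        raise OpenParseError("bad marker")
    length, msg_type = struct.unpack("!HB", msg[16:19])
    if msg_type != BGP_MSG_OPEN or length != len(msg):
        raise OpenParseError("not an OPEN or length field disagrees with buffer")
    version, my_as, hold_time, bgp_id, opt_len = struct.unpack("!BHHIB", msg[19:29])
    pos = BGP_OPEN_MIN_LEN

    # RFC 9072: 0xFF 0xFF followed by a 2-octet length means the extended format,
    # and every parameter that follows carries a 2-octet length field. A 255 that
    # is not followed by 0xFF is a plain 255-byte classic parameter block.
    extended = opt_len == EXT_OPT_PARAMS and pos < len(msg) and msg[pos] == EXT_OPT_PARAMS
    if extended:
        if pos + 3 > len(msg):
            raise OpenParseError("truncated extended optional parameters length")
        opt_len = struct.unpack("!H", msg[pos + 1:pos + 3])[0]
        pos += 3               # the 3-byte increment: every later check uses this pos
    plen_size = 2 if extended else 1

    end = pos + opt_len
    if end != len(msg):
        raise OpenParseError("optional parameters length %d does not match message" % opt_len)

    params = []
    while pos < end:
        if pos + 1 + plen_size > end:
            raise OpenParseError("truncated optional parameter header")
        ptype = msg[pos]
        plen = struct.unpack("!H", msg[pos + 1:pos + 3])[0] if extended else msg[pos + 1]
        pos += 1 + plen_size
        if pos + plen > end:
            raise OpenParseError("optional parameter length %d exceeds remaining %d" % (plen, end - pos))
        value = bytes(msg[pos:pos + plen])
        pos += plen
        params.append((ptype, parse_capabilities(value) if ptype == OPT_PARAM_CAPABILITIES else value))

    return {"version": version, "my_as": my_as, "hold_time": hold_time,
            "bgp_id": bgp_id, "extended": extended, "params": params}


def build_open(my_as, hold_time, bgp_id, params, extended=False):
    """Encode an OPEN from (type, value) params; used only to produce test vectors."""
    body = b"".join(struct.pack("!BH" if extended else "!BB", t, len(v)) + v for t, v in params)
    if extended:
        opts = bytes([EXT_OPT_PARAMS, EXT_OPT_PARAMS]) + struct.pack("!H", len(body)) + body
    else:
        if len(body) > 254:    # keep the builder away from the RFC 9072 marker value
            raise ValueError("classic format cannot carry %d bytes of parameters" % len(body))
        opts = bytes([len(body)]) + body
    payload = struct.pack("!BHHI", 4, my_as, hold_time, bgp_id) + opts
    return BGP_MARKER + struct.pack("!HB", BGP_HEADER_LEN + len(payload), BGP_MSG_OPEN) + payload


# Constructed sample capabilities: MP-BGP IPv4/unicast and a 4-byte AS number.
SAMPLE_CAPS = (bytes([CAP_MP, 4]) + b"\x00\x01\x00\x01"
               + bytes([CAP_AS4, 4]) + struct.pack("!I", 4200000000))


def demo():
    """Parse a classic and an RFC 9072 OPEN, then three malformed variants."""
    params = [(OPT_PARAM_CAPABILITIES, SAMPLE_CAPS)]
    classic = build_open(23456, 90, 0x0A000001, params)
    ext = build_open(23456, 90, 0x0A000001, params, extended=True)
    out = {"classic": parse_open(classic), "extended": parse_open(ext)}

    # 1. Extended length promises 3 bytes beyond the end of the buffer; the header
    #    length is fixed up so only the optional-parameters check can catch it.
    short = ext[:-3]
    short = short[:16] + struct.pack("!H", len(short)) + short[18:]
    # 2. Inner 2-octet parameter length (bytes 33-34) points past the parameter region.
    oversized = bytearray(ext)
    oversized[33:35] = b"\xff\xff"
    # 3. Classic message whose Opt Parm Len byte is 255 but whose first parameter
    #    type is not 0xFF: RFC 9072 says treat it as classic, so the 255 is bogus.
    fake255 = bytearray(classic)
    fake255[28] = EXT_OPT_PARAMS
    for name, buf in (("short", short), ("oversized", bytes(oversized)), ("fake255", bytes(fake255))):
        try:
            parse_open(buf)
            out[name] = None
        except OpenParseError as exc:
            out[name] = str(exc)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

The design choice that matters is that `pos` is advanced by the 3-byte RFC 9072 prefix before `end` is computed, so the region check, the per-parameter header check and the per-parameter value check all measure from the same offset; an implementation that advances the read pointer in one function but computes its limit from the pre-prefix offset in another is exactly the inconsistency the advisory describes.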