Out-of-Bounds Read Vulnerability in FRRouting BGP Daemon by FRR
CVE-2022-43681

6.5MEDIUM

Key Information:

Vendor: Frrouting
Status: Frrouting
Vendor: CVE Published:; 3 May 2023

What is CVE-2022-43681?

An out-of-bounds read vulnerability exists in the BGP daemon of FRRouting FRR that affects versions through 8.4. When a malformed BGP OPEN message is processed, it can cause the daemon to read beyond the allocated memory bounds. This misbehavior triggers a SIGABRT signal, leading to an unexpected exit and subsequent restart of the bgpd daemon. Consequently, this results in a Denial-of-Service (DoS) condition, which can disrupt network routing operations.

References

https://forescout.com

https://www.debian.org/security/2023/dsa-5495

vendor-advisory

https://lists.debian.org/debian-lts-announce/2023/09/msg0...

mailing-list

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 3, 2023
Vulnerability Reserved
Oct 24, 2022

Frrouting

What is CVE-2022-43681?

References

CVSS V3.1

Timeline