History: Aug 02, 2022 - 11:15 p.m.

CVE-2022-37035

2022-08-02 23:15:18
CWE-362
web.nvd.nist.gov
cve-2022-37035
bgpd
frrouting
frr
use-after-free
race condition
remote code execution
information disclosure
nvd

CVSS3: 8.1 High

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.4 High
Confidence: High

EPSS: 0.029 Low
Percentile: 90.8%

An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.

Affected configurations

NVD

Node: frrouting frrouting, Match 8.3 -

CPE                  Name       Operator  Version
frrouting:frrouting  frrouting  eq        8.3
