CVE-2022-37035

2022-08-0223:15:18

Google

osv.dev

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.029 Low

EPSS

Percentile

90.8%

JSON

An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.

CPENameOperatorVersion
frreqfrr-7.2-de
frreqbase_8.2
frreqbase_7.4
frreqbase_8.1
frreqfrr-8.1-de
frreqreindent-3.0-before
frreqfrr-7.6-de
frreqfrr-8.3-de
frreqfrr-6.1-de
frreqreindent-master-before

Name	Operator	Version
frr	eq	frr-7.2-de
frr	eq	base_8.2
frr	eq	base_7.4
frr	eq	base_8.1
frr	eq	frr-8.1-de
frr	eq	reindent-3.0-before
frr	eq	frr-7.6-de
frr	eq	frr-8.3-de
frr	eq	frr-6.1-de
frr	eq	reindent-master-before