CVE-2022-43681

Summary

CVE	CVE-2022-43681
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-05-03 12:16:00 UTC
Updated	2023-09-19 22:15:00 UTC
Description	An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition.

Risk And Classification

Problem Types: CWE-125

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Frrouting	Frrouting	All	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] [DLA 3573-1] frr security update	MLIST	lists.debian.org
Debian -- Security Information -- DSA-5495-1 frr	DEBIAN	www.debian.org
Forescout – Automated Cybersecurity Across Your Digital Terrain	MISC	forescout.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

161127 Oracle Enterprise Linux Security Update for frr (ELSA-2023-6434)
242282 Red Hat Update for frr (RHSA-2023:6434)
6000142 Debian Security Update for frr (DLA 3573-1)
6000208 Debian Security Update for frr (DSA 5495-1)
941350 AlmaLinux Security Update for frr (ALSA-2023:6434)