6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
39.5%
An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting
a BGP OPEN message with an option of type 0xff (Extended Length from RFC
9072), attackers may cause a denial of service (assertion failure and
daemon restart, or out-of-bounds read). This is possible because of
inconsistent boundary checks that do not account for reading 3 bytes
(instead of 2) in this 0xff case. NOTE: this behavior occurs in
bgp_open_option_parse in the bgp_open.c file, a different location (with a
different attack vector) relative to CVE-2022-40302.
Author | Note |
---|---|
mdeslaur | Commits below fix CVE-2022-40302, CVE-2022-40318, CVE-2022-43681 Introduced by https://github.com/FRRouting/frr/commit/d08c0c8077fbb3e100ed2e87927edec1a09d224b |