Out-of-bounds read in frr

#VU82896 Out-of-bounds read in frr

Cybersecurity Help s.r.o.

Published: 2023-11-07

Vulnerability identifier: #VU82896

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43681

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
frr
Other software / Other software solutions

Vendor: frrouting.org

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the BGP daemon. A remote attacker can send a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), trigger an out-of-bounds read error and crash the daemon.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

frr: 8.0 - 8.4

External links
http://www.debian.org/security/2023/dsa-5495
http://lists.debian.org/debian-lts-announce/2023/09/msg00020.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat Enterprise Linux 9 update for frr

Remote denial of service in FRRouting FRR

Multiple vulnerabilities in Oracle Linux