CVE-2022-43681

NameCVE-2022-43681
DescriptionAn out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3573-1
Debian Bugs1035829

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
frr (PTS)buster6.0.2-2+deb10u1vulnerable
buster (security)7.5.1-1.1+deb10u1fixed
bullseye (security), bullseye7.5.1-1.1+deb11u2fixed
bookworm, bookworm (security)8.4.4-1.1~deb12u1fixed
sid9.1-0.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
frrsourcebuster7.5.1-1.1+deb10u1DLA-3573-1
frrsourcebullseye7.5.1-1.1+deb11u2
frrsource(unstable)8.4.1-11035829

Notes

https://github.com/FRRouting/frr/issues/13427
https://github.com/FRRouting/frr/issues/13480
https://github.com/FRRouting/frr/commit/6c4ca9812976596bf8b5226600269fc4031f1422 (frr-8.4)

Search for package or bug name: Reporting problems