Source: frr
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for frr.

CVE-2022-43681[0]:
| An out-of-bounds read exists in the BGP daemon of FRRouting FRR
| through 8.4. When sending a malformed BGP OPEN message that ends with
| the option length octet (or the option length word, in case of an
| extended OPEN message), the FRR code reads out of the bounds of the
| packet, throwing a SIGABRT signal and exiting. This results in a bgpd
| daemon restart, causing a Denial-of-Service condition.

CVE-2022-40318[1]:
| An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By
| crafting a BGP OPEN message with an option of type 0xff (Extended
| Length from RFC 9072), attackers may cause a denial of service
| (assertion failure and daemon restart, or out-of-bounds read). This is
| possible because of inconsistent boundary checks that do not account
| for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this
| behavior occurs in bgp_open_option_parse in the bgp_open.c file, a
| different location (with a different attack vector) relative to
| CVE-2022-40302.

CVE-2022-40302[2]:
| An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By
| crafting a BGP OPEN message with an option of type 0xff (Extended
| Length from RFC 9072), attackers may cause a denial of service
| (assertion failure and daemon restart, or out-of-bounds read). This is
| possible because of inconsistent boundary checks that do not account
| for reading 3 bytes (instead of 2) in this 0xff case.

Upstream's reaction on requests for information on these issues is far from optimal.
https://github.com/FRRouting/frr/issues/13427
https://github.com/FRRouting/frr/issues/13480

Cheers,
        Moritz

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-43681
    https://www.cve.org/CVERecord?id=CVE-2022-43681
[1] https://security-tracker.debian.org/tracker/CVE-2022-40318
    https://www.cve.org/CVERecord?id=CVE-2022-40318
[2] https://security-tracker.debian.org/tracker/CVE-2022-40302
    https://www.cve.org/CVERecord?id=CVE-2022-40302

Please adjust the affected versions in the BTS as needed.
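The boundary checks the three CVE texts describe, shown as an added example in C that is not FRR's code and does not reproduce bgp_open.c: a parser for the Optional Parameters section of a BGP OPEN message that verifies every length field against the bytes actually received before reading, and switches to the 3-octet parameter header (1-octet type, 2-octet length) when the RFC 9072 extended-length marker (0xff length octet, 0xff Non-Ext OP Type, 2-octet length word) is present, which is the "3 bytes instead of 2" case the advisories name. The struct, function and sample names are this example's own, and the sample messages are constructed, not captured traffic; they cover a message that ends at the length octet, one that ends at the extended length word, and one whose remaining bytes are too few for an extended parameter header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One parsed optional parameter: a view into the caller's message buffer. */
struct bgp_optparam {
    uint8_t type;          /* parameter type, e.g. 2 = Capabilities */
    uint16_t length;       /* value length: 1 octet classic, 2 octets extended */
    const uint8_t *value;  /* points into the OPEN message, not copied */
};

#define BGP_OPEN_EXT_MARKER 0xff   /* RFC 9072 extended-length marker octet */

/*
 * Parse the Optional Parameters section of a BGP OPEN message.
 * buf points at the Optional Parameters Length octet and len is the number
 * of message bytes from there to the end of the message. Up to max_out
 * parameters are stored in out. Returns the total number of parameters
 * found, or -1 if any length field claims bytes the message does not hold.
 */
int bgp_open_parse_optparams(const uint8_t *buf, size_t len,
                             struct bgp_optparam *out, size_t max_out)
{
    size_t pos = 0;
    size_t hdr_len = 2;   /* classic header: 1-octet type + 1-octet length */
    size_t params_len;
    size_t end;
    int count = 0;

    if (len < 1)
        return -1;        /* message ends before the length octet */
    params_len = buf[pos++];

    /*
     * RFC 9072: a length octet of 0xff followed by a Non-Ext OP Type octet
     * of 0xff means the real length is the next 2-octet word and every
     * parameter header is 3 octets. A 0xff length octet not followed by
     * 0xff is treated here as a classic 255-octet parameter list.
     */
    if (params_len == BGP_OPEN_EXT_MARKER && len >= 2 &&
        buf[1] == BGP_OPEN_EXT_MARKER) {
        if (len < 4)
            return -1;    /* message ends inside the extended length word */
        params_len = ((size_t)buf[2] << 8) | buf[3];
        pos = 4;
        hdr_len = 3;
    }

    /* The declared list must fit in what was actually received. */
    if (params_len > len - pos)
        return -1;
    end = pos + params_len;

    while (pos < end) {
        uint8_t type;
        uint16_t plen;

        if (end - pos < hdr_len)
            return -1;    /* parameter header would run past the list */
        type = buf[pos];
        if (hdr_len == 2)
            plen = buf[pos + 1];
        else
            plen = (uint16_t)(((uint16_t)buf[pos + 1] << 8) | buf[pos + 2]);
        pos += hdr_len;
        if (plen > end - pos)
            return -1;    /* parameter value would run past the list */
        if ((size_t)count < max_out) {
            out[count].type = type;
            out[count].length = plen;
            out[count].value = buf + pos;
        }
        count++;
        pos += plen;
    }
    return count;
}

/* Constructed samples: an OPEN message from its Optional Parameters Length
 * octet onward. Values are made up for this example. */
const uint8_t SAMPLE_EMPTY[]         = {0x00};
const uint8_t SAMPLE_CLASSIC[]       = {0x04, 0x02, 0x02, 0x01, 0x04};
const uint8_t SAMPLE_ENDS_AT_LEN[]   = {0x04};                         /* claims 4 octets, has 0 */
const uint8_t SAMPLE_EXT[]           = {0xff, 0xff, 0x00, 0x05, 0x02, 0x00, 0x02, 0x01, 0x04};
const uint8_t SAMPLE_EXT_AT_LEN[]    = {0xff, 0xff, 0x00, 0x05};       /* ends with the length word */
const uint8_t SAMPLE_EXT_SHORT_HDR[] = {0xff, 0xff, 0x00, 0x02, 0x02, 0x00}; /* 2 octets, header needs 3 */

struct bgp_optparam scratch[8];

int main(void)
{
    printf("classic        -> %d\n", bgp_open_parse_optparams(SAMPLE_CLASSIC, sizeof SAMPLE_CLASSIC, scratch, 8));
    printf("ends at length -> %d\n", bgp_open_parse_optparams(SAMPLE_ENDS_AT_LEN, sizeof SAMPLE_ENDS_AT_LEN, scratch, 8));
    printf("extended       -> %d\n", bgp_open_parse_optparams(SAMPLE_EXT, sizeof SAMPLE_EXT, scratch, 8));
    printf("ext at length  -> %d\n", bgp_open_parse_optparams(SAMPLE_EXT_AT_LEN, sizeof SAMPLE_EXT_AT_LEN, scratch, 8));
    printf("ext short hdr  -> %d\n", bgp_open_parse_optparams(SAMPLE_EXT_SHORT_HDR, sizeof SAMPLE_EXT_SHORT_HDR, scratch, 8));
    return 0;
}
```

Every length is compared against the bytes still available before it is used as a read offset, so a message that stops at the length octet or word is rejected with -1 rather than read past; a parser that rejects such an OPEN can send a NOTIFICATION and close the session instead of aborting the daemon.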