CVE-2022-37035

An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://docs.google.com/document/d/1TqYEcZbFeDTMKe2N4XRFwyAjw_mynIHfvzwbx1fmJj8/edit?usp=sharing	Exploit Third Party Advisory
https://github.com/FRRouting/frr/issues/11698	Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:frrouting:frrouting:8.3:-:*:*:*:*:*:*

History

No history.

Information

Published : 2022-08-02 23:15

Updated : 2024-04-28 07:15

NVD link : CVE-2022-37035

Mitre link : CVE-2022-37035

CVE.ORG link : CVE-2022-37035

JSON object : View

Products Affected

frrouting

frrouting

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

{"id": "CVE-2022-37035", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2022-08-02T23:15:18.230", "references": [{"url": "https://docs.google.com/document/d/1TqYEcZbFeDTMKe2N4XRFwyAjw_mynIHfvzwbx1fmJj8/edit?usp=sharing", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/FRRouting/frr/issues/11698", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00019.html", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation."}, {"lang": "es", "value": "Se ha detectado un problema en bgpd en FRRouting (FRR) 8.3. En las funciones bgp_notify_send_with_data() y bgp_process_packet() en el archivo bgp_packet.c, se presenta un posible uso de memoria previamente liberada debido a una condici\u00f3n de carrera. Esto podr\u00eda conllevar una Ejecuci\u00f3n de C\u00f3digo Remota o ua Divulgaci\u00f3n de Informaci\u00f3n mediante el env\u00edo de paquetes BGP dise\u00f1ados. No es requerida una interacci\u00f3n del usuario para la explotaci\u00f3n"}], "lastModified": "2024-04-28T07:15:08.190", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:frrouting:frrouting:8.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3480A36C-F0A3-4621-96C1-0000E66D8E1C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}