{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-43681", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T13:40:06.339Z", "dateReserved": "2022-10-24T00:00:00", "datePublished": "2023-05-03T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-19T21:06:38.413024"}, "descriptions": [{"lang": "en", "value": "An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://forescout.com"}, {"name": "DSA-5495", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2023/dsa-5495"}, {"name": "[debian-lts-announce] 20230919 [SECURITY] [DLA 3573-1] frr security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:40:06.339Z"}, "title": "CVE Program Container", "references": [{"url": "https://forescout.com", "tags": ["x_transferred"]}, {"name": "DSA-5495", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2023/dsa-5495"}, {"name": "[debian-lts-announce] 20230919 [SECURITY] [DLA 3573-1] frr security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CBDA653-317C-427D-AC6A-9AA434671061", "versionEndIncluding": "8.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition."}, {"lang": "es", "value": "Existe una lectura fuera de los l\u00edmites en el daemon BGP de FRRouting FRR hasta 8.4. Al enviar un mensaje BGP OPEN con formato incorrecto que termina con el octeto de longitud de la opci\u00f3n (o la palabra de longitud de la opci\u00f3n, en el caso de un mensaje OPEN extendido), el c\u00f3digo FRR se lee fuera de los l\u00edmites del paquete, lanzando una se\u00f1al SIGABRT y saliendo. Esto da como resultado un reinicio del daemon bgpd, lo que provoca una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS)."}], "id": "CVE-2022-43681", "lastModified": "2024-11-21T07:27:01.987", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-03T12:16:30.070", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://forescout.com"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5495"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://forescout.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5495"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:6434", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "frr-0:8.3.1-11.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}], "bugzilla": {"description": "frr: out-of-bounds read exists in the BGP daemon of FRRouting", "id": "2196088", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196088"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-125", "details": ["An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition.", "An out-of-bounds read flaw exists in the BGP daemon of FRRouting. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads out of the bounds of the packet, throwing a SIGABRT signal and exiting. This issue results in a bgpd daemon restart, causing a denial of service."], "name": "CVE-2022-43681", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "frr", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2023-05-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-43681\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-43681"], "threat_severity": "Moderate"}