A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS.
References
Link | Resource |
---|---|
https://github.com/spwpun/pocs | Third Party Advisory |
https://github.com/spwpun/pocs/blob/main/frr-bgpd.md | Exploit Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HU4PKLUVB5CTMOVQ2GV33TNUNMJCBGD/ | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBXEXL2ZQBWCBLNUP6P67FHECXQWSK3L/ | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GM66PNHGCXZU66LQCTP2FSJLFF6CVMSI/ | Mailing List Third Party Advisory |
https://www.debian.org/security/2023/dsa-5495 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-04-03T00:00:00
Updated: 2023-09-19T21:06:30.759732
Reserved: 2022-07-25T00:00:00
Link: CVE-2022-36440
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-04-03T16:15:07.287
Modified: 2024-02-01T01:11:30.117
Link: CVE-2022-36440
JSON object: View
Redhat Information
No data.
CWE