DEBIAN-CVE-2022-43681

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/DEBIAN-CVE-2022-43681
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-43681.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2022-43681
Upstream
Published
2023-05-03T12:16:30Z
Modified
2025-09-25T03:08:00.008624Z
Summary
[none]
Details

An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition.

References

Affected packages

Debian:11 / frr

Package

Name
frr
Purl
pkg:deb/debian/frr?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.5.1-1.1+deb11u2

Affected versions

7.*

7.5.1-1.1
7.5.1-1.1+deb11u1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / frr

Package

Name
frr
Purl
pkg:deb/debian/frr?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.4.1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / frr

Package

Name
frr
Purl
pkg:deb/debian/frr?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.4.1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / frr

Package

Name
frr
Purl
pkg:deb/debian/frr?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.4.1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}