CVE-2022-37032

CRITICAL

FRRouting < 8.4 - Out-of-bounds Read in BGP Capability Message Parser

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-37032. PoCs published by spwpun.

AI-analyzed exploit summary: This PoC demonstrates a heap-buffer-overflow vulnerability in FRRouting's BGP daemon (bgpd) by sending malformed BGP capability messages. The exploit triggers an AddressSanitizer error in `bgp_capability_msg_parse`, leading to a crash.

Description

An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.

Exploits (1)

nomisec WORKING POC 3 stars
by spwpun · poc
https://github.com/spwpun/CVE-2022-37032

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: FRRouting (bgpd) with dynamic capability enabled
No auth needed
Prerequisites: BGP daemon with `neighbor PEER capability dynamic` configured · Network access to BGP port (179)
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 9.1
EPSS: 0.0153
EPSS Percentile: 71.6%
Attack Vector: NETWORK
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Details

CWE: CWE-125
Status: published
Products (3):
debian/debian_linux 10.0
debian/debian_linux 11.0
frrouting/frrouting < 8.4
Published: Sep 19, 2022
Tracked Since: Feb 18, 2026