CVE-2022-37035

HIGH

FRRouting 8.3 - Use-After-Free in BGP Packet Processing

Title source: llm

Description

An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.

Scores

CVSS v3 8.1
EPSS 0.0192
EPSS Percentile 77.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-362
Status published
Products (1)
frrouting/frrouting 8.3
Published Aug 02, 2022
Tracked Since Feb 18, 2026