CVE-2022-36440 (https://github.com/spwpun/pocs): https://github.com/spwpun/pocs/blob/main/frr-bgpd.md

A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS.

Looks like there's another unpublished "vulnerability" irresponsibly disclosed in this person's GitHub account, a heap buffer overread: https://github.com/spwpun/CVE-2022-37032/blob/main/poc.py

Reported upstream at: https://github.com/FRRouting/frr/issues/13202
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d73e4bec2216ced5da63e04932f79f1f5b8468c4

commit d73e4bec2216ced5da63e04932f79f1f5b8468c4
Author:     Jakov Smolić <jsmolic@gentoo.org>
AuthorDate: 2023-04-04 08:03:36 +0000
Commit:     Jakov Smolić <jsmolic@gentoo.org>
CommitDate: 2023-04-04 08:06:18 +0000

    net-misc/frr: add 8.5

    Bug: https://bugs.gentoo.org/903757
    Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>

 net-misc/frr/Manifest       |   1 +
 net-misc/frr/frr-8.5.ebuild | 149 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 150 insertions(+)
Fixed in 8.4 onwards according to upstream.
8.5 isn't in the tree anymore, so maybe we can close this one?