Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 903757 (CVE-2022-36440, CVE-2022-37032) - <net-misc/frr-8.4.1: DoS vulnerability via reachable assertion
Summary: <net-misc/frr-8.4.1: DoS vulnerability via reachable assertion
Status: IN_PROGRESS
Alias: CVE-2022-36440, CVE-2022-37032
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: https://github.com/FRRouting/frr/issu...
Whiteboard: B3 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2023-04-04 04:22 UTC by John Helmert III
Modified: 2024-10-02 14:49 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-04 04:22:14 UTC
CVE-2022-36440 (https://github.com/spwpun/pocs):
https://github.com/spwpun/pocs/blob/main/frr-bgpd.md

A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS.

Looks like there's another unpublished "vulnerability" irresponsibly
disclosed in this person's Github account, a heap buffer overread:

https://github.com/spwpun/CVE-2022-37032/blob/main/poc.py

Reported upstream at: https://github.com/FRRouting/frr/issues/13202
Comment 1 Larry the Git Cow gentoo-dev 2023-04-04 08:07:52 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d73e4bec2216ced5da63e04932f79f1f5b8468c4

commit d73e4bec2216ced5da63e04932f79f1f5b8468c4
Author:     Jakov Smolić <jsmolic@gentoo.org>
AuthorDate: 2023-04-04 08:03:36 +0000
Commit:     Jakov Smolić <jsmolic@gentoo.org>
CommitDate: 2023-04-04 08:06:18 +0000

    net-misc/frr: add 8.5
    
    Bug: https://bugs.gentoo.org/903757
    Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>

 net-misc/frr/Manifest       |   1 +
 net-misc/frr/frr-8.5.ebuild | 149 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 150 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-16 18:29:45 UTC
Fixed in 8.4 onwards according to upstream.
Comment 3 Alarig Le Lay 2024-10-02 14:49:36 UTC
8.5 isn’t in the tree anymore, to maybe we can close this one?