SB2022091376 - Multiple vulnerabilities in FRRouting (FRR)

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2022-37035)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing BGP packets within the bgp_notify_send_with_data() and bgp_process_packet() function in bgp_packet.c. A remote attacker can send specially crafted BGP packets to the affected daemon, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

2) Out-of-bounds read (CVE-ID: CVE-2022-37032)

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when processing BGP messages. A remote attacker can send specially crafted BGP messages to the system, trigger an out-of-bounds read error and read contents of memory on the system or crash the BGP daemon.

3) Memory leak (CVE-ID: CVE-2019-25074)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak when processing IS-IS HELLO packets. A remote attacker can send specially crafted packets to the IS-IS daemon, trigger memory leak and perform denial of service attack.

Remediation

Install update from vendor's website.

References

• https://docs.google.com/document/d/1TqYEcZbFeDTMKe2N4XRFwyAjw_mynIHfvzwbx1fmJj8/edit?usp=sharing
• https://github.com/FRRouting/frr/issues/11698
• https://github.com/FRRouting/frr/commit/ff6db1027f8f36df657ff2e5ea167773752537ed
• https://bugzilla.suse.com/show_bug.cgi?id=1202023
• https://github.com/FRRouting/frr/commit/49efc80d342d8e8373c8af040580bd7940808730
• https://bugzilla.suse.com/show_bug.cgi?id=1202022