
Debian LTS: DLA-3865-1 Critical: frr Buffer Overflow and Remote Code Exec

Debian LTS, September 3, 2024
Debian LTS Announcement DLA-3865-1 presents essential frr security updates addressing buffer overflow vulnerabilities and denial of service threats.
Several vulnerabilities have been found in frr, the FRRouting suite of internet protocols.

Summary

CVE-2022-26125

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to
wrong checks on the input packet length in isisd/isis_tlvs.c.

CVE-2022-26126

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to
the use of strdup with a non-zero-terminated binary string in
isis_nb_notifications.c.

CVE-2022-26127

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to
a missing check on the input packet length in the babel_packet_examin
function in babeld/message.c.

CVE-2022-26128

A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to
a wrong check on the input packet length in the babel_packet_examin
function in babeld/message.c.

CVE-2022-26129

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to
wrong checks on the subtlv length in the functions parse_hello_subtlv,
parse_ihu_subtlv and parse_update_subtlv in babeld/message.c.

CVE-2022-37035



Severity: critical

Package: frr
Version: 7.5.1-1.1+deb11u3
CVE ID: CVE-2022-26125 CVE-2022-26126 CVE-2022-26127 CVE-2022-26128
Debian Bug: 1008010 1016978 1055852 1079649
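As an added illustration (not FRR's or Debian's code), the C sketch below shows the two defensive patterns whose absence the advisory describes: a sub-TLV walk that validates each declared length against the bytes remaining before reading the value (the check CVE-2022-26129 reports as wrong in the babeld sub-TLV parsers), and copying a fixed-length binary field into a NUL-terminated buffer instead of handing unterminated data to strdup (CVE-2022-26126). The TLV layout, function names and sample bytes are constructed for the example and are not Babel's or IS-IS's actual encoding.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { SUBTLV_OK = 0, SUBTLV_TRUNCATED = -1 };

/* Walk a body of repeated (type, length, value) triples and count them.
 * Both the 2-byte header and the declared value length are checked against
 * the bytes actually remaining before any value byte is read; skipping or
 * mis-ordering this check is the defect class the advisory reports for the
 * babeld sub-TLV parsers. The layout is illustrative, not Babel's encoding. */
int walk_subtlvs(const uint8_t *buf, size_t len, unsigned *count)
{
    size_t off = 0;
    *count = 0;
    while (off < len) {
        /* Header: need two bytes for type and length. */
        if (len - off < 2)
            return SUBTLV_TRUNCATED;
        uint8_t vlen = buf[off + 1];
        off += 2;
        /* Subtract rather than add: "off + vlen <= len" can wrap on narrow
         * types, and "<" in place of "<=" is the classic off-by-one. */
        if (vlen > len - off)
            return SUBTLV_TRUNCATED;
        /* A real parser would dispatch on buf[off - 2] (the type) here. */
        off += vlen;
        (*count)++;
    }
    return SUBTLV_OK;
}

/* Copy a fixed-length binary field into a NUL-terminated buffer instead of
 * calling strdup() on data that carries no terminator (the pattern behind
 * CVE-2022-26126). Returns 0 on success, -1 if the field does not fit. */
int copy_field_z(char *dst, size_t dstsz, const uint8_t *src, size_t srclen)
{
    if (dstsz == 0 || srclen >= dstsz)
        return -1;
    memcpy(dst, src, srclen);
    dst[srclen] = '\0';
    return 0;
}

/* Constructed sample inputs, not captured traffic. */
static const uint8_t good_pkt[]    = { 0x01, 0x02, 0xaa, 0xbb, 0x02, 0x00 };
static const uint8_t bad_len_pkt[] = { 0x01, 0x10, 0xaa, 0xbb }; /* claims 16 bytes, has 2 */
static const uint8_t bad_hdr_pkt[] = { 0x01, 0x00, 0x05 };       /* dangling header byte */
```

The two malformed inputs are rejected before any out-of-bounds byte is read, while the well-formed one yields two sub-TLVs.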
