vulnerability

SUSE: CVE-2022-37035: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	2022-08-02	2022-11-21	2025-01-28

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

2022-08-02

Added

2022-11-21

Modified

2025-01-28

Description

An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.

Solution(s)

suse-upgrade-frrsuse-upgrade-frr-develsuse-upgrade-libfrr0suse-upgrade-libfrr_pb0suse-upgrade-libfrrcares0suse-upgrade-libfrrfpm_pb0suse-upgrade-libfrrgrpc_pb0suse-upgrade-libfrrospfapiclient0suse-upgrade-libfrrsnmp0suse-upgrade-libfrrzmq0suse-upgrade-libmlag_pb0

References

CVE-2022-37035
https://attackerkb.com/topics/CVE-2022-37035

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today