Source: frr
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for frr.

CVE-2022-37035[0]:
| An issue was discovered in bgpd in FRRouting (FRR) 8.3. In
| bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c,
| there is a possible use-after-free due to a race condition. This could
| lead to Remote Code Execution or Information Disclosure by sending
| crafted BGP packets. User interaction is not needed for exploitation.

https://github.com/FRRouting/frr/issues/11698

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-37035
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37035

Please adjust the affected versions in the BTS as needed.