Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2022-43681 | First vendor Publication | 2023-05-03 |
Vendor | Cve | Last vendor Modification | 2024-02-16 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | |||
---|---|---|---|
Overall CVSS Score | 6.5 | ||
Base Score | 6.5 | Environmental Score | 6.5 |
Impact Sub Score | 3.6 | Temporal Score | 6.5 |
Exploitability Sub Score | 2.8 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | Low | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | None |
Integrity Impact | None | Availability Impact | High |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | N/A | Attack Range | N/A |
Cvss Impact Score | N/A | Attack Complexity | N/A |
Cvss Exploit Score | N/A | Authentication | N/A |
Detail
An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43681 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-125 | Out-of-bounds Read |
CPE : Common Platform Enumeration
Sources (Detail)
Source | Url |
---|---|
DEBIAN | https://www.debian.org/security/2023/dsa-5495 |
MISC | https://forescout.com |
MLIST | https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html |
Alert History
Date | Information |
---|---|
2024-02-16 21:27:56 | |
2023-09-20 05:27:38 | |
2023-09-12 09:27:54 | |
2023-05-19 21:27:32 | |
2023-05-10 21:27:23 | |
2023-05-03 21:27:14 | |
2023-05-03 17:27:17 | |