An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-08-02T00:00:00

Updated: 2024-08-03T10:21:32.624Z

Reserved: 2022-07-29T00:00:00

Link: CVE-2022-37035

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-08-02T23:15:18.230

Modified: 2024-11-21T07:14:19.953

Link: CVE-2022-37035

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-08-03T00:00:00Z

Links: CVE-2022-37035 - Bugzilla