Race Condition Vulnerability in FRRouting (FRR) 8.3 Allows Remote Code Execution and Information Disclosure

CVE-2022-37035 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.
