Security Information / 2023 / Security Information -- DSA-5362-1 frr

Debian Security Advisory

DSA-5362-1 frr -- security update

Date Reported:

24 Feb 2023

Affected Packages:

frr

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 1021016.
In Mitre's CVE dictionary: CVE-2022-37032.

More information:

An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.

For the stable distribution (bullseye), this problem has been fixed in version 7.5.1-1.1+deb11u1.

We recommend that you upgrade your frr packages.

For the detailed security status of frr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/frr