Debian Long Term Support / LTS Security Information / 2022 / Security Information -- DLA-3211-1 frr

Debian Security Advisory

DLA-3211-1 frr -- LTS security update

Date Reported:

28 Nov 2022

Affected Packages:

frr

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2022-37032.

More information:

It was discovered that there was a potential out-of-bounds read in the BGP daemon of frr, a set of tools to route internet traffic.

• CVE-2022-37032

  An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.

For Debian 10 Buster, this problem has been fixed in version 6.0.2-2+deb10u2.

We recommend that you upgrade your frr packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS