CVE-2022-26126

Published: 05 Feb 2022
Source: redhat
CVSS3: 7.8

Description

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c.

frrouting is vulnerable to a flaw that can cause a stack overflow because binary data is processed as simple string data. Since the data handled when processing packets is not C string data, the correct binary-aware functions should be used. The impact on availability is high because the process uptime can be made unreliable.
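The string-versus-binary mismatch described above, as an added example that is not FRRouting code: `sample_pdu`, `strdup_copied_len` and `bin_dup` are hypothetical names, and the buffer is constructed. It compares how many bytes `strdup` copies from a 4-byte field with no terminating NUL against a length-aware copy.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for strdup() under strict -std= modes */
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample buffer, not real IS-IS data: a 4-byte binary field at
 * offset 4 with no terminating NUL, followed by more packet bytes. */
static const uint8_t sample_pdu[] = {
    0x49, 0x00, 0x01, 0x02,         /* preceding bytes (contain a 0x00) */
    0xAA, 0xBB, 0xCC, 0xDD,         /* the field itself */
    0x11, 0x22, 0x33, 0x44, 0x55,   /* data that follows the field */
    0x00                            /* first zero byte after the field */
};
enum { FIELD_OFF = 4, FIELD_LEN = 4 };

/* Flawed pattern: strdup() copies up to the next 0x00, so the size of the
 * copy is set by the surrounding bytes, not by the field length. */
size_t strdup_copied_len(const uint8_t *field)
{
    char *copy = strdup((const char *)field);
    size_t n = copy ? strlen(copy) : 0;
    free(copy);
    return n;
}

/* Binary-aware copy: duplicates exactly len bytes; returns NULL on failure. */
uint8_t *bin_dup(const uint8_t *src, size_t len)
{
    uint8_t *copy = malloc(len ? len : 1);
    if (copy)
        memcpy(copy, src, len);
    return copy;
}

int main(void)
{
    const uint8_t *field = sample_pdu + FIELD_OFF;
    uint8_t *ok = bin_dup(field, FIELD_LEN);
    printf("field length:           %d\n", FIELD_LEN);
    printf("strdup copied:          %zu bytes\n", strdup_copied_len(field));
    printf("strdup on embedded NUL: %zu bytes\n", strdup_copied_len(sample_pdu));
    printf("bin_dup exact copy:     %s\n",
           ok && memcmp(ok, field, FIELD_LEN) == 0 ? "yes" : "no");
    free(ok);
    return 0;
}
```

Any later code that assumes the `strdup` result fits the field size will be working with a copy that is too long, and a field containing an embedded zero byte is silently truncated instead.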

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 8 | frr | Will not fix | | |
| Red Hat Enterprise Linux 9 | frr | Will not fix | | |

Additional information

Status: Moderate
Defect: CWE-120
https://bugzilla.redhat.com/show_bug.cgi?id=2058640 frrouting: Misusing strdup leads to stack overflow in isis_nb_notifications.c

7.8 High

CVSS3

Related vulnerabilities

CVSS3: 7.8
ubuntu
almost 4 years ago

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c.

CVSS3: 7.8
nvd
almost 4 years ago

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c.

CVSS3: 7.8
debian
almost 4 years ago

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due t ...

CVSS3: 7.8
github
almost 4 years ago

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c.

suse-cvrf
almost 4 years ago

Security update for frr