Описание
An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | released | 8.1-1ubuntu3 |
| esm-apps/focal | released | 7.2.1-1ubuntu0.2+esm2 |
| focal | ignored | end of standard support, was needed |
| jammy | released | 8.1-1ubuntu1.2 |
| kinetic | released | 8.1-1ubuntu3 |
| lunar | released | 8.1-1ubuntu3 |
| mantic | released | 8.1-1ubuntu3 |
| noble | released | 8.1-1ubuntu3 |
| oracular | released | 8.1-1ubuntu3 |
Показывать по
EPSS
8.1 High
CVSS3
Связанные уязвимости
An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.
An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.
An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_ ...
An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.
Уязвимость функций bgp_notify_send_with_data() и bgp_process_packet() (bgp_packet.c) программного средства реализации сетевой маршрутизации на Unix-подобных системах FRRouting, позволяющая нарушителю выполнить произвольный код
EPSS
8.1 High
CVSS3