VDB
CVE-2022-26126
CVE-2022-26126
PUBLISHED
CVSS 6.800000190734863 MEDIUM
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c.
EPSS 0.09% · 26.0th percentile
Risk Scores
CVSS v2.0
6.800000190734863
EPSS Score
0.09%
26.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| fedoraproject | fedora | 34, 35, 36 |
| n/a | FRRouting | through 8.1.0 |
| frrouting | frrouting | 0 |
Timeline
- Mar 3, 2022 CVE Published
- Mar 4, 2022 EPSS Score
- Apr 25, 2022 EPSS Score
- Jun 15, 2022 EPSS Score
- Aug 7, 2022 EPSS Score
- Sep 27, 2022 EPSS Score
- Nov 18, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 1, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 21, 2023 EPSS Score
- Jun 12, 2023 EPSS Score
References
- https://github.com/FRRouting/frr/issues/10505 url
- FEDORA-2022-3b86b4a6ef vendor-advisory
- FEDORA-2022-c8c2e42934 vendor-advisory
- FEDORA-2022-376cb924bd vendor-advisory
- [debian-lts-announce] 20240428 [SECURITY] [DLA 3797-1] frr security update mailing-list
- https://lists.debian.org/debian-lts-announce/2024/09/msg00007.html url
- https://nvd.nist.gov/vuln/detail/CVE-2022-26126 advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MIEQNIWUSBQTFR65HM2LLIB7PH27CZUZ url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTYSAL4QCE4XWMMBKUB7LSLPAFLWUML4 url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XUCZR6RYQVZ35BFUV7OLIUEHZW2433I2 url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIEQNIWUSBQTFR65HM2LLIB7PH27CZUZ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTYSAL4QCE4XWMMBKUB7LSLPAFLWUML4 url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XUCZR6RYQVZ35BFUV7OLIUEHZW2433I2 url