VDB

CVE-2022-37035

CVE-2022-37035 PUBLISHED

An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.

EPSS 2.65% · 86.1th percentile

Risk Scores

EPSS Score
2.65%
86.1th percentile

Affected Products

VendorProductVersions
n/an/a*
frroutingfrrouting8.3

Timeline

  • Aug 2, 2022 CVE Published
  • Aug 3, 2022 EPSS Score
  • Aug 11, 2022 EPSS Score
  • Nov 4, 2022 EPSS Score
  • Dec 20, 2022 EPSS Score
  • Feb 5, 2023 EPSS Score
  • Mar 23, 2023 EPSS Score
  • May 8, 2023 EPSS Score
  • Jun 24, 2023 EPSS Score
  • Aug 9, 2023 EPSS Score
  • Nov 10, 2023 EPSS Score
  • Dec 27, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›