High severity8.1NVD Advisory· Published Aug 2, 2022· Updated Jun 17, 2026
CVE-2022-37035
CVE-2022-37035
Description
An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- FRR/FRRoutingdescription
- osv-coords5 versionspkg:rpm/opensuse/frr&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/frr&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/frr&distro=openSUSE%20Tumbleweedpkg:rpm/suse/frr&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3pkg:rpm/suse/frr&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4
< 7.4-150300.4.10.1+ 4 more
- (no CPE)range: < 7.4-150300.4.10.1
- (no CPE)range: < 7.4-150300.4.10.1
- (no CPE)range: < 8.4-1.1
- (no CPE)range: < 7.4-150300.4.10.1
- (no CPE)range: < 7.4-150300.4.10.1
Patches
Vulnerability mechanics
References
4- docs.google.com/document/d/1TqYEcZbFeDTMKe2N4XRFwyAjw_mynIHfvzwbx1fmJj8/editnvdExploitThird Party Advisory
- github.com/FRRouting/frr/issues/11698nvdExploitThird Party Advisory
- lists.debian.org/debian-lts-announce/2024/04/msg00019.htmlnvd
- lists.debian.org/debian-lts-announce/2024/09/msg00007.htmlnvd
News mentions
0No linked articles in our index yet.