CVE-2022-26125: 
Rocky Linux vulnerability analysis and mitigation

CVE-2022-26125 is a buffer overflow vulnerability discovered in FRRouting through version 8.1.0. The vulnerability stems from incorrect checks on input packet length in the isisd/isis_tlvs.c file. This security flaw was identified on February 25, 2022, and affects the FRRouting suite, which manages TCP/IP-based routing protocols (NVD, Debian Security).

The vulnerability exists in the unpacktlvroutercap function within isisd/isistlvs.c. The issue arises from a loop condition where subtlvlen > 2 and subtlvlen is updated at the end of the loop. When subtlvlen < length + 2, integer overflow can occur, potentially leading to heap overflows in subsequent loop iterations. The vulnerability is particularly concerning as subtlvlen and length are of uint8_t type, making overflow scenarios more likely. The CVSS v3.1 base score is 7.8 (High) with the vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (GitHub Issue, NVD).

The buffer overflow vulnerability can lead to heap overflows, potentially resulting in remote code execution, system crashes, or information disclosure. The high CVSS score reflects the significant impact on system confidentiality, integrity, and availability when successfully exploited (NVD, Debian Security).

Multiple vendors have released patches to address this vulnerability. Debian has fixed the issue in version 7.5.1-1.1+deb10u2 for Debian 10 (Buster). Red Hat has addressed the vulnerability in frr version 8.2.2-4.el9. Users are strongly advised to upgrade their FRRouting installations to the latest patched versions (Debian Security, Red Hat).