CVE-2022-36440: 
Alma Linux vulnerability analysis and mitigation

A reachable assertion vulnerability (CVE-2022-36440) was discovered in Frrouting frr-bgpd version 8.3.0, specifically in the peek_for_as4_capability function. The vulnerability was discovered by spwpun and cjt, and affects the BGP daemon component of the FRRouting suite (FRR POC, Debian Advisory).

The vulnerability stems from insufficient length checking for BGP open messages with extended optional parameters. When setting extended-optional-parameters, a one-byte out-of-bound read occurs if the extend optional parameters data in the packet lacks sufficient length. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability can result in a Denial of Service (DoS) condition through application crash. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, causing the service to terminate (FRR POC).

Multiple distributions have released security updates to address this vulnerability. Debian has fixed the issue in version 7.5.1-1.1+deb11u2 for bullseye and 8.4.4-1.1~deb12u1 for bookworm. Fedora has addressed it in version 8.5-1 for Fedora 36, 37, and 38 (Debian Advisory, Fedora Update).