CVE-2022-40302: 
Alma Linux vulnerability analysis and mitigation

An issue was discovered in bgpd in FRRouting (FRR) through version 8.4. The vulnerability (CVE-2022-40302) involves an out-of-bounds read vulnerability when processing a malformed BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072). This vulnerability was discovered in May 2023 (NVD).

The vulnerability occurs due to inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in the 0xff case when processing BGP OPEN messages. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability can lead to a denial of service condition through either an assertion failure and daemon restart, or an out-of-bounds read. This can result in dropping all BGP sessions and routing tables, potentially rendering the peer unresponsive (Hacker News).

The vulnerability has been patched in multiple versions of FRRouting. Organizations using affected versions should upgrade to the patched versions. For Debian systems, fixes have been released in version 7.5.1-1.1+deb10u1 for Debian 10, version 7.5.1-1.1+deb11u2 for Debian 11 (bullseye), and version 8.4.4-1.1~deb12u1 for Debian 12 (bookworm) (Debian Security).