Bug 1196505 (CVE-2022-26125)

Summary: VUL-0: CVE-2022-26125: frr: overflow bugs in unpack_tlv_router_cap
Product: [Novell Products] SUSE Security Incidents
Reporter: Carlos López <carlos.lopez>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: gianluca.gabrielli, mardnh, smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/324793/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-26125:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Carlos López 2022-02-25 16:36:24 UTC
rh#2058628

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c.

Upstream bug:
https://github.com/FRRouting/frr/issues/10507

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2058628
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26125
Comment 1 Carlos López 2022-02-25 16:39:51 UTC
Affected:
 - SUSE:SLE-15-SP3:Update
 - openSUSE:Factory

Fix PR:
https://github.com/FRRouting/frr/pull/10517
Comment 2 Marius Tomaschewski 2022-02-28 08:59:09 UTC
Thanks! Going to review and prepare update packages.
Comment 7 Gianluca Gabrielli 2022-03-08 08:15:28 UTC
Hi Marius, we are not entitled to review your submissions. Once you are ready please submit to the codestreams pointed out by the security team (comment 1). Then your submissions will be reviewed by many people and if anything is wrong they will reach out to you directly. The same applies for all the other security-related issues assigned to you (I see you have other frr issues open).

One last thing: after you have submitted to all the requested codestreams, please reassign the issue back to security-team@suse.de. Thanks.
Comment 10 Swamp Workflow Management 2022-03-18 14:21:56 UTC
SUSE-SU-2022:0901-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1180217,1196503,1196504,1196505,1196506,1196507
CVE References: CVE-2022-26125,CVE-2022-26126,CVE-2022-26127,CVE-2022-26128,CVE-2022-26129
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src):    frr-7.4-150300.4.3.1
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    frr-7.4-150300.4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2022-03-18 14:22:50 UTC
openSUSE-SU-2022:0901-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1180217,1196503,1196504,1196505,1196506,1196507
CVE References: CVE-2022-26125,CVE-2022-26126,CVE-2022-26127,CVE-2022-26128,CVE-2022-26129
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    frr-7.4-150300.4.3.1
openSUSE Leap 15.3 (src):    frr-7.4-150300.4.3.1
Comment 12 Marcus Meissner 2022-03-29 13:30:45 UTC
released