Bug 1196505 (CVE-2022-26125) - VUL-0: CVE-2022-26125: frr: overflow bugs in unpack_tlv_router_cap
Summary: VUL-0: CVE-2022-26125: frr: overflow bugs in unpack_tlv_router_cap
Status: RESOLVED FIXED
Alias: CVE-2022-26125
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/324793/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-26125:7.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2022-02-25 16:36 UTC by Carlos López
Modified: 2022-03-29 13:30 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos López 2022-02-25 16:36:24 UTC 
rh#2058628

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c.

Upstream bug:
https://github.com/FRRouting/frr/issues/10507

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2058628
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26125
Comment 1 Carlos López 2022-02-25 16:39:51 UTC 
Affected:
 - SUSE:SLE-15-SP3:Update
 - openSUSE:Factory

Fix PR:
https://github.com/FRRouting/frr/pull/10517
Comment 2 Marius Tomaschewski 2022-02-28 08:59:09 UTC 
Thanks! Going to review and prepare update packages.
Comment 7 Gianluca Gabrielli 2022-03-08 08:15:28 UTC 
Hi Marius, we are not entitled to review your submissions. Once you are ready please submit to the codestreams pointed out by the security team (comment 1). Then your submissions will be reviewed by many people and if anything is wrong they will reach out to you directly. The same applies for all the other security-related issues assigned to you (I see you have other frr issues open).

One last thing, after you submitted to all the requested codestreams, please reassign the issue back to security-team@suse.de. Thanks
Comment 10 Swamp Workflow Management 2022-03-18 14:21:56 UTC 
SUSE-SU-2022:0901-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1180217,1196503,1196504,1196505,1196506,1196507
CVE References: CVE-2022-26125,CVE-2022-26126,CVE-2022-26127,CVE-2022-26128,CVE-2022-26129
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src):    frr-7.4-150300.4.3.1
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    frr-7.4-150300.4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2022-03-18 14:22:50 UTC 
openSUSE-SU-2022:0901-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1180217,1196503,1196504,1196505,1196506,1196507
CVE References: CVE-2022-26125,CVE-2022-26126,CVE-2022-26127,CVE-2022-26128,CVE-2022-26129
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    frr-7.4-150300.4.3.1
openSUSE Leap 15.3 (src):    frr-7.4-150300.4.3.1
Comment 12 Marcus Meissner 2022-03-29 13:30:45 UTC 
released