Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c. Upstream bug: https://github.com/FRRouting/frr/issues/10507
Created frr tracking bugs for this issue: Affects: fedora-all [bug 2072473]
patch: https://github.com/FRRouting/frr/pull/10517/commits/9ba865f54d331c550629304cb25e77ac81455803
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:8112 https://access.redhat.com/errata/RHSA-2022:8112
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-26125