CVE-2022-43681: Medium Vulnerability in Debian FRRouting

A medium-severity vulnerability exists in the BGP daemon of FRRouting affecting Debian. An out-of-bounds read can lead to a Denial-of-Service condition. Immediate action is required to mitigate risks.

MEDIUM · CVSS 6.5 · Published May 3, 2023

An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When bgpd receives a malformed BGP OPEN message that ends with the option length octet (or the option length word, in the case of an extended OPEN message), the FRR code reads past the end of the packet, raises a SIGABRT signal, and exits. The resulting bgpd daemon restart causes a Denial-of-Service condition.

This vulnerability allows attackers to disrupt service by exploiting the flaw in the BGP daemon, making the availability impact high. With a CVSS score of 6.5, this vulnerability is classified as medium severity. Organizations should prioritize patching immediately to prevent potential service interruptions.

Risk to organizations includes potential downtime and loss of service availability. Attackers may leverage this vulnerability to send malformed packets, resulting in the crashing of the BGP daemon. Given this potential impact, it is crucial for organizations using affected versions to act swiftly.

Currently, there is no public exploit confirmed for this vulnerability, and it has not been included in known exploitation lists. However, organizations should remain vigilant and monitor their systems for any unusual behavior.

Vulnerability Details

The CVE-2022-43681 vulnerability affects the BGP daemon of FRRouting FRR in versions up to 8.4. This out-of-bounds read can be triggered by sending malformed BGP OPEN messages, leading to a SIGABRT signal and a subsequent restart of the bgpd daemon. The official CVSS score is 6.5, indicating a medium severity level due to the high availability impact while confidentiality and integrity impacts remain none.

Technical Analysis

The root cause of this vulnerability lies in improper handling of malformed BGP OPEN messages. When these messages reach the BGP daemon, the code attempts to read data beyond the allocated boundaries of the packet, leading to a crash. The attack vector is network-based, requiring low complexity and only low privileges to exploit. Importantly, user interaction is not required, making this vulnerability particularly concerning.

The impacts on confidentiality and integrity are none, but the availability impact is high, as the daemon's crash results in service disruption. Given that this vulnerability affects the BGP daemon, it poses a significant risk to network operations.
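
The length validation this class of bug calls for, as an added example that is not FRR's code or its fix: a bounds-checked walk over an OPEN message body that rejects the truncated shapes described above. The function and enum names are hypothetical, the field layout follows RFC 4271 and RFC 9072, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example with hypothetical names; not FRR's code. */
enum open_check { OPEN_OK, OPEN_TRUNCATED, OPEN_TRAILING };

/* body: OPEN body after the 19-byte BGP header; len: bytes received. */
enum open_check check_open_body(const uint8_t *body, size_t len)
{
    /* version(1) + AS(2) + hold time(2) + BGP id(4) + opt parm len(1) */
    if (len < 10)
        return OPEN_TRUNCATED;
    size_t off = 10, opt_len = body[9];
    int extended = 0;
    /* Extended form (RFC 9072): non-zero length octet, type 255, then a
     * 16-bit length word. Confirm the bytes exist before reading them. */
    if (opt_len != 0 && len > off && body[off] == 255) {
        if (len - off < 3)
            return OPEN_TRUNCATED;
        opt_len = ((size_t)body[off + 1] << 8) | body[off + 2];
        off += 3;
        extended = 1;
    }
    /* Declared length must equal what is left; a message that ends at a
     * non-zero length field is rejected here instead of being read past. */
    if (opt_len != len - off)
        return opt_len > len - off ? OPEN_TRUNCATED : OPEN_TRAILING;
    /* Each parameter: type(1) + length(1, or 2 if extended) + value. */
    size_t hdr = extended ? 3 : 2;
    while (off < len) {
        if (len - off < hdr)
            return OPEN_TRUNCATED;
        size_t plen = extended ? ((size_t)body[off + 1] << 8) | body[off + 2]
                               : body[off + 1];
        off += hdr;
        if (plen > len - off)
            return OPEN_TRUNCATED;
        off += plen;
    }
    return OPEN_OK;
}

int main(void)
{
    /* Constructed sample: body that stops at a non-zero length octet. */
    const uint8_t cut[] = {4, 0xFD, 0xE8, 0, 180, 192, 0, 2, 1, 4};
    return check_open_body(cut, sizeof cut) == OPEN_TRUNCATED ? 0 : 1;
}
```

Every read is preceded by a comparison against the bytes actually received, so a short message produces an error code rather than a read past the buffer.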

Risk & Impact Analysis

Real-world deployment risk is substantial due to the potential for service disruption. Organizations that rely on the BGP daemon for routing may experience outages, impacting their operational capabilities. The urgency to address this vulnerability is underscored by its medium severity and high availability impact. Organizations should assess their exposure and prioritize remediation within their patch cycle.

Exploitation Status

| Signal | Status |
| --- | --- |
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | No |
| Ransomware Use | No |

Affected Versions

The vulnerability affects FRRouting versions up to 8.4, as well as Debian Linux versions 10.0, 11.0, and 12.0. Organizations running these versions should take immediate action to mitigate risks associated with this vulnerability.

Mitigation & Remediation

Organizations should apply the latest patches provided by the vendor to remediate the vulnerability. If a patch is unavailable, consider implementing network controls and monitoring to detect exploit attempts. For effective remediation, organizations can refer to the penetration testing services to identify weaknesses in their systems.

Detection Guidance

Monitoring logs for unusual behavior related to the BGP daemon can help detect potential exploitation attempts. Organizations should also track system changes and identify behavioral anomalies that could indicate a compromise.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2022-43681 lies in its demonstration of how malformed network packets can exploit vulnerabilities in widely used protocols. This incident underscores the need for thorough validation of incoming network messages. Security teams should learn from this and enhance their defensive strategies by adopting proactive measures, such as regular security assessments. Security teams can refer to our vulnerability management program and consider our penetration testing methodology for effective risk management.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
