Table of Contents
  • Home
  • /
  • Blog
  • /
  • Three BGP Message Parsing Vulnerabilities in FRRouting Protocol Suite
May 9, 2023

Three BGP Message Parsing Vulnerabilities in FRRouting Protocol Suite

Three Bgp Message Parsing Vulnerabilities In Frrouting Protocol Suite

A recent analysis of seven different implementations of the Border Gateway Protocol (BGP) by Forescout Vedere Labs has uncovered three new vulnerabilities in the software implementation of version 8.4 of FRRouting. The three vulnerabilities in BGP include CVE-2022-40302, CVE-2022-40318, and CVE-2022-43681. 

This blog will discuss these Message Paring vulnerabilities in FRRouting and how to mitigate the impact.  

A Short Note About FRRouting

FRRouting is an open-source internet routing protocol suite for Unix and Linux platforms. It offers a comprehensive set of protocols, including RIP, PIM, Babel, RIPv1, RIPv2, Is-Is, OSPFv2, OSPFv3, OpenFabric, PBR, RIPng, and VRRP. It also provides alpha support for NHRP and EIGRP. 

FRR was initially introduced by the Quagga developers working under the Quagga project. They joined forces to build a routing protocol stack that could improve Quaggas well-established foundation. 

It seamlessly integrates with native Unix/Linux IP networking stacks, which makes it a versatile routing stack that can be used for various purposes like internet peering, LAN switching and routing, advertising network services, connecting hosts, virtual machines, containers to the networks, and internet access routers. 

What is BGP (Border Gateway Protocol)?

Border Gateway Protocol (BGP) is a gateway protocol used by networks to communicate and exchange routing information between autonomous systems (AS). This helps data packets determine the best path to take through BGP peering.  

BGP supports the next-hop paradigm, transmitting packets to the most optimal choice among all potential routers to optimize network performance. It also supports CIDR, allowing for the efficient allocation of IP addresses and converses network bandwidth, enabling organizations to make the most out of their networks. 

BGP can be configured to implement policies that determine which routes are best for different situations. It runs over TCP, making it compatible with the rest of the internet, and it can also interface with SSL, VPNs, and TLS for secure communication.

BGP has various functions, including: 

  1. Initial peer acquisition and authentication

  2. Sending of reachability information

  3. Verification of peer and network connection functionality

  4. Information management functions of BGP route such as route storage, update, selection, and advertisement.

Summary of Three BGP Message Parsing Vulnerabilities in FRRouting Protocol Suite

Exploiting three new Message Paring vulnerabilities in FRRouting causes a denial-of-service (DoS) attack resulting in the BGP service crash and loss of network connectivity. Below are the three new vulnerabilities in BGP: 


  • Attack complexity: Low

  • CVSS Score: 6.5

CVE-2022-40302 is an out-of-bounds read vulnerability in the BGP OPEN Message Processing system. A remote attacker can exploit this vulnerability by sending a specially crafted BGP OPEN message, triggering an out-of-bounds read that could potentially crash the BGP service. 


  • Attack complexity: Low 

  • CVSS Score: 6.5

CVE-2022-40318 is a security vulnerability arising from an out-of-bounds read error while handling an incorrectly formed BGP OPEN message. This vulnerability is distinct from CVE-2022-40302, which involves a similar problem with an incorrectly formed BGP OPEN message. 


  • Attack complexity: Low 

  • CVSS Score: 6.5

CVE-2022-43681 is another vulnerability that affects Border Gateway Protocol (BGP) and is caused by an out-of-bounds read error similar to CVE-2022-40302 and CVE-2022-40318. The vulnerability can be triggered by processing an incorrect BGP OPEN message that ends with an octet or word, depending on the type of OPEN message. 

Test BGP Protocol Suites Using BGP Fuzzer Tool

The BGP fuzzer tool is an automated, dynamic testing tool to ensure the security of applications and protocols that use the Border Gateway Protocol (BGP). It tests billions of input combinations and priorities attacks generated dynamically and is more likely to cause product failure.  

To test BGP protocol suites using the BGP fuzzer tool, here are some steps: 

Step 1. Install the Python Packages

Before running the tool for the first time, install all the necessary Python packages.

Step 2. Start the Monitor on a Target Machine

To start the experimental monitor on a target machine, copy the code and execute the command $ python --ip [TARGET'S IP] --port [RPC port] --monitor [frr | bird | openbgpd] with the targets IP, RPC port, and monitor type. The command may require root permissions, and the output will display the targets PID. 

Step 3. Choose a Fuzz Suite to Run

The fuzzer tool offers four default fuzzer scripts for different BGP message types:,,, and You can comment or uncomment the test cases in the script to choose a test suite. Each test suite is accompanied by a description that outlines the kind of malformed packets it generates.

Step 4. Run the Fuzzer

To run a particular fuzz suite, you can use the following command: $ [FUZZ SUITE].py --fbgp_id [FUZZER'S BGP IDENTIFIER] --fasn [FUZZER'S ASN] --tip [TARGET'S IP ADDRESS] --trpc_port [TARGET'S RPC PORT]. 

Step 5. Get the Results

After running the fuzz suite, monitor the test case execution through BooFuzzs web interface. If you want to reproduce the crash, copy the raw output or run a Python script generated by the monitor in your current working directory. The script will have a name like You can run this script with the IP address of the target as an argument.

How to Mitigate the Three BGP Message Parsing Vulnerabilities in FRRouting Protocol Suite?

BGP is an important part of the internet, and several guidelines exist for securing it, such as those from the RIPE NCC, NSA, NIST, and the Internet Society. However, these guidelines primarily focus on known BGP security issues. It is important to consider that the vulnerabilities in open-source components can easily spread widely through the supply chain effect. 

The recent CVE-2022-40302 and CVE-2022-40318 issues highlight how the same vulnerable code can exist in multiple places within a codebase as a root cause for several vulnerabilities. It is possible that similar or identical code exists in other projects and impacts various products that use FRRouting.

To mitigate the risks of the vulnerabilities, such as those discovered in FRRouting, it is recommended to patch network infrastructure devices as frequently as possible. This can be achieved by maintaining an updated asset inventory that tracks all networking devices within the organization and their software versions. Software that provides granular visibility for each device in the network can make this process much easier.


These three new Message Parsing vulnerabilities in the FRRouting protocol suite are a significant concern for network security professionals. These vulnerabilities allow an attacker to remotely execute code on a targeted device, which can result in a range of negative consequences, including network downtime and data breaches. To mitigate the risk of these vulnerabilities in BGP, updating the software version to the latest one can help. 

We hope this post would help you know about the three BGP Message Parsing Vulnerabilities in FRRouting Protocol Suite. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this. 

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Application Security

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.



View All

Learn Something New with Free Email subscription