CVE-2022-26125 in FRRouting
Summary
by MITRE • 03/03/2022
Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 11/05/2025
The vulnerability CVE-2022-26125 represents a critical buffer overflow flaw within FRRouting software version 8.1.0 and earlier, specifically impacting the isisd daemon responsible for IS-IS routing protocol implementation. This issue arises from inadequate validation of input packet lengths within the isis_tlvs.c source file, creating a condition where maliciously crafted network packets can trigger memory corruption. The flaw directly relates to CWE-121, which describes stack-based buffer overflow conditions, and CWE-122, covering heap-based buffer overflow scenarios that can occur when insufficient bounds checking is performed on user-supplied data.
The technical exploitation of this vulnerability occurs when the isisd process receives IS-IS protocol packets containing malformed TLV (Type-Length-Value) structures with oversized length fields. The insufficient input validation in isis_tlvs.c fails to properly verify that incoming packet lengths do not exceed predetermined buffer boundaries, allowing attackers to craft packets that will cause the software to write beyond allocated memory regions. This condition can lead to arbitrary code execution, denial of service, or system compromise depending on the specific memory corruption patterns encountered during exploitation. The vulnerability operates at the network protocol level within the routing daemon, making it particularly dangerous as it can be triggered by remote network traffic without requiring authentication or local access.
From an operational standpoint, this vulnerability poses significant risks to network infrastructure relying on FRRouting for IS-IS protocol implementation, particularly in enterprise and service provider environments where routing stability is paramount. The impact extends beyond simple service disruption as successful exploitation could enable attackers to gain unauthorized access to network devices, potentially leading to complete network compromise. Network administrators face the challenge of identifying vulnerable systems within their infrastructure, as the vulnerability may not manifest immediately and could be exploited over time. The flaw affects both IPv4 and IPv6 implementations within the IS-IS protocol stack, making it applicable across multiple network environments and increasing the attack surface.
Mitigation strategies for CVE-2022-26125 should prioritize immediate patching of all affected FRRouting instances to versions 8.1.1 or later where the buffer overflow protections have been implemented. Network segmentation and access control measures should be enforced to limit exposure of vulnerable routing daemons to untrusted networks. Implementing monitoring solutions that detect anomalous IS-IS packet patterns and implementing input validation at network boundaries can provide additional defensive layers. The ATT&CK framework categorizes this vulnerability under T1210 - Exploitation of Remote Services, with potential lateral movement capabilities once initial compromise occurs. Organizations should also consider implementing network traffic analysis tools to identify and block malformed IS-IS packets that could exploit this vulnerability. Regular security assessments and vulnerability scanning should include verification of FRRouting versions and proper implementation of buffer overflow protections to prevent similar issues in the future.