CVE-2022-37032 and CVE-2022-36440

[ajakk]

Github user @spwpun has published two vulnerabilities in frr. Reproducers are included in their disclosures:

https://github.com/spwpun/CVE-2022-37032/blob/main/poc.py
https://github.com/spwpun/pocs/blob/main/frr-bgpd.md

Is there any fix available?

[ton31337]

This is fixed in 8.4 and above.

[ajakk]

Where are the patch(es)?

[ton31337]

opensourcerouting@3e46b43

[carnil]

So

• CVE-2022-37032: ff6db10
• CVE-2022-36440: 3e46b43

correct?