PT-2017-14247 · Frr+2 · Frrouting+2

Published: 2017-11-08 · Updated: 2024-10-04 · CVE-2017-15865

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FRRouting (FRR) versions 2.0.2 and earlier, 3.x before 3.0.2
FRRouting (FRR) in Cumulus Linux before 3.4.3

Description

The issue allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer. This occurs because of a mishandled attribute length, which triggers the transmission of up to a few thousand unintended bytes.

Recommendations

For FRRouting (FRR) versions 2.0.2 and earlier, update to version 2.0.2 or later.
For FRRouting (FRR) version 3.x, update to version 3.0.2 or later.
For FRRouting (FRR) in Cumulus Linux before 3.4.3, update to Cumulus Linux version 3.4.3 or later.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related identifiers

CVE-2017-15865
OPENSUSE-SU-2024_3478-1
OPENSUSE-SU-2024_3524-1
SUSE-SU-2024:3426-1
SUSE-SU-2024:3433-1
SUSE-SU-2024:3478-1
SUSE-SU-2024:3524-1
SUSE-SU-2024_3524-1

Affected products

Cumulus Linux
Frrouting
Suse