PT-2017-14247 · Frr+2 · Frrouting+2

Published: 2017-11-08 · Updated: 2024-10-04 · CVE-2017-15865

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FRRouting (FRR) versions 2.0.2 and earlier, 3.x before 3.0.2
FRRouting (FRR) in Cumulus Linux before 3.4.3

Description

The issue allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer. This occurs because of a mishandled attribute length, which triggers the transmission of up to a few thousand unintended bytes.

Recommendations

For FRRouting (FRR) versions 2.0.2 and earlier, update to version 2.0.2 or later.
For FRRouting (FRR) version 3.x, update to version 3.0.2 or later.
For FRRouting (FRR) in Cumulus Linux before 3.4.3, update to Cumulus Linux version 3.4.3 or later.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2017-15865
OPENSUSE-SU-2024_3478-1
OPENSUSE-SU-2024_3524-1
SUSE-SU-2024:3426-1
SUSE-SU-2024:3433-1
SUSE-SU-2024:3478-1
SUSE-SU-2024:3524-1
SUSE-SU-2024_3524-1

Affected Products

Cumulus Linux
Frrouting
Suse