Описание
bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492).
Ссылки
- Third Party AdvisoryVDB Entry
- Issue TrackingVendor Advisory
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingVendor Advisory
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Одновременно
Одно из
EPSS
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in ...
bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492).
EPSS
7.5 High
CVSS3
5 Medium
CVSS2