Описание
sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume large amounts of memory resulting in a denial of service.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.4.4 (исключая)
cpe:2.3:a:cloudflare:goflow:*:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00693
Низкий
7.5 High
CVSS3
Дефекты
CWE-20
CWE-400
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Cloudflare GoFlow vulnerable to a Denial of Service in the sflow packet handling package
EPSS
Процентиль: 71%
0.00693
Низкий
7.5 High
CVSS3
Дефекты
CWE-20
CWE-400