Описание
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.
An uncontrolled resource consumption flaw was discovered in the way tcpdump prints BGP packets. The BGP protocol allows ATTR_SET to be nested as many times as the message can accommodate, however when a specially crafted packet is crafted and parsed by tcpdump, this may lead to stack exhaustion due to uncontrolled recursion. System availability is the highest threat from this vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | tcpdump | Out of support scope | ||
| Red Hat Enterprise Linux 6 | tcpdump | Out of support scope | ||
| Red Hat Enterprise Linux 7 | tcpdump | Fix deferred | ||
| Red Hat Enterprise Linux 8 | tcpdump | Fixed | RHSA-2020:4760 | 04.11.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.
The BGP parser in tcpdump before 4.9.3 allows stack consumption in pri ...
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.
Уязвимость функции print-bgp.c:bgp_attr_print() утилиты для перехвата и анализа сетевого трафика tcpdump, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
7.5 High
CVSS3