Описание
bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.
An out-of-bounds read flaw was found in FFrounting beyond the end of the stream during labeled unicast parsing. This issue may lead to application crash and denial of service.
Отчет
Red Hat OpenStack Platform does not ship its own version of the frr package, instead using the version from the underlying Red Hat Enterprise Linux. RHOSP is marked as Not Affected as no changes need to be made by the OpenStack engineering team. System administrators of OpenStack deployments should apply updates once available in RHEL.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.
bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.
bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond ...
bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.
Уязвимость файла bgpd/bgp_label.c программного средства реализации сетевой маршрутизации на Unix-подобных системах FRRouting, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
7.5 High
CVSS3