Описание
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.
An out-of-bounds read flaw was found in FRRouting in bgpd/bgp_packet.c, resulting from a boundary condition. This flaw allows a remote attacker, through specially crafted input, to read the initial byte of the ORF header in an ahead-of-stream scenario. This attacker can gain information and potentially launch further attacks against the affected system.
Отчет
In Red Hat Enterprise Linux 8, the vulnerable code is not included. It was added in FRR-8.4 in upstream. The highest version of FRR utilized in RHEL-8 is 7.5. Hence, versions of FRR shipped with RHEL-8 are not affected by this vulnerability. Red Hat Product Security rated this vulnerability as a LOW security impact because it only exposes the initial byte of the ORF header in an ahead-of-stream situation.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | frr | Not affected | ||
| Red Hat Enterprise Linux 9 | frr | Fixed | RHSA-2024:2156 | 30.04.2024 |
Показывать по
Дополнительная информация
Статус:
4.8 Medium
CVSS3
Связанные уязвимости
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet. ...
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.
4.8 Medium
CVSS3