CVE-2017-15865: Infoleak
First published: Wed Nov 08 2017(Updated: )
bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Frrouting Frrouting | <2.0.2 | |
| Frrouting Frrouting | =3.0 | |
| Frrouting Frrouting | =3.0-rc0 | |
| Frrouting Frrouting | =3.0-rc1 | |
| Frrouting Frrouting | =3.0-rc2 | |
| Frrouting Frrouting | =3.0-rc3 | |
| Frrouting Frrouting | =3.0.1 | |
| Cumulusnetworks Cumulus Linux | <3.4.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/101794
- https://frrouting.org/community/security.html
- https://lists.cumulusnetworks.com/pipermail/cumulus-security-announce/2017-November/000009.html
- https://support.cumulusnetworks.com/hc/en-us/articles/115014754307#rn690
- https://support.cumulusnetworks.com/hc/en-us/articles/115014778107-CVE-2017-15865-Malformed-BGP-UPDATE-Triggers-Information-Disclosure
Frequently Asked Questions
What is CVE-2017-15865?
CVE-2017-15865 is a vulnerability in bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, which allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer.
How does CVE-2017-15865 impact FRRouting?
CVE-2017-15865 allows remote attackers to obtain sensitive information through a malformed BGP UPDATE packet, potentially leading to unauthorized access or data leakage.
What is the severity of CVE-2017-15865?
The severity of CVE-2017-15865 is high, with a severity value of 7.5.
How can I fix CVE-2017-15865?
To fix CVE-2017-15865, it is recommended to upgrade FRRouting to version 2.0.2 or 3.0.2, or apply the necessary patches provided by the vendor.
Where can I find more information about CVE-2017-15865?
You can find more information about CVE-2017-15865 at the following references: - [Security Focus](http://www.securityfocus.com/bid/101794) - [FRRouting Security](https://frrouting.org/community/security.html) - [Cumulus Networks Security](https://lists.cumulusnetworks.com/pipermail/cumulus-security-announce/2017-November/000009.html)
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/frrouting
- canonical/frrouting frrouting
- version/frrouting frrouting/3.0
- version/frrouting frrouting/3.0-rc0
- version/frrouting frrouting/3.0-rc1
- version/frrouting frrouting/3.0-rc2
- version/frrouting frrouting/3.0-rc3
- version/frrouting frrouting/3.0.1
- vendor/cumulusnetworks
- canonical/cumulusnetworks cumulus linux