CVE-2017-15865
Description
bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492).
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.55
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP6 ) quagga-devel-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP5 ) quagga-devel-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP6 ) quagga-debugsource-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP5 ) quagga-debugsource-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP6 ) quagga-debuginfo-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP5 ) quagga-debuginfo-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP6 ) quagga-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP5 ) quagga-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP6 ) libzebra1-debuginfo-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP5 ) libzebra1-debuginfo-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP6 ) libzebra1-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP5 ) libzebra1-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP6 ) libquagga_pb0-debuginfo-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP5 ) libquagga_pb0-debuginfo-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP6 ) libquagga_pb0-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP5 ) libquagga_pb0-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP6 ) libospfapiclient0-debuginfo-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP5 ) libospfapiclient0-debuginfo-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP6 ) libospfapiclient0-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP5 ) libospfapiclient0-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP6 ) libospf0-debuginfo-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP5 ) libospf0-debuginfo-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP6 ) libospf0-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP5 ) libospf0-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP6 ) libfpm_pb0-debuginfo-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP5 ) libfpm_pb0-debuginfo-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP6 ) libfpm_pb0-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2024:3478-1(Server Applications Module 15-SP5 ) libfpm_pb0-1.1.1-150400.12.8.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234