Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2017-15865
HistoryNov 08, 2017 - 8:29 p.m.

CVE-2017-15865

2017-11-0820:29:00
Debian Security Bug Tracker
security-tracker.debian.org
17
cve-2017-15865
frrouting
bgpd
sensitive information disclosure
bgp update packet
cumulus linux
attribute length
remote attackers
unix

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

70.8%

bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492).

OSVersionArchitecturePackageVersionFilename
Debian12allfrr< 8.4.4-1.1~deb12u1frr_8.4.4-1.1~deb12u1_all.deb
Debian11allfrr< 7.5.1-1.1+deb11u2frr_7.5.1-1.1+deb11u2_all.deb
Debian999allfrr< 10.2-1frr_10.2-1_all.deb
Debian13allfrr< 10.1.1-0.1frr_10.1.1-0.1_all.deb

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

70.8%

Related for DEBIANCVE:CVE-2017-15865