ROS-20240403-09

2024-04-03 00:00:00
redos.red-soft.ru
7
frrouting
vulnerability
unix-like systems
denial of service
memory buffer
bgp protocol
remote exploitation

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.3 High (Confidence: High)
EPSS: 0.005 Low (Percentile: 76.1%)

A vulnerability in the peek_for_as4_capability function of FRRouting, a software tool for implementing network routing on Unix-like systems, is related to flaws in the use of the assert() function. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.

A vulnerability in the bgp_attr_psid_sub() function of FRRouting, a software tool for implementing network routing on Unix-like systems, is related to a failure to take measures to neutralize special elements. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.

A vulnerability in the bgpd daemon of FRRouting, a software tool for implementing network routing on Unix-like systems, is related to an operation outside the bounds of a memory buffer when processing BGP OPEN messages with an octet or word length. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.

A vulnerability in the BGP OPEN Message Handler component of FRRouting, a software tool for implementing network routing on Unix-like systems, is related to an operation outside the bounds of a memory buffer. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.

A vulnerability in FRRouting (a software tool for implementing network routing on Unix-like systems), the Picos network operating system, and the PAN-OS operating system is related to errors in input data processing. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service by sending specially crafted BGP update data.

A vulnerability in the bgpd/bgp_packet.c file of FRRouting, a software tool for implementing network routing on Unix-like systems, is related to NLRI processing when the attribute length is zero. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.

A vulnerability in the bgp_open_option_parse() function of the bgpd daemon of FRRouting, a software tool for implementing network routing on Unix-like systems, is related to an operation outside the bounds of a memory buffer when processing BGP OPEN messages with the value 0xff. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.

OS      Version   Architecture   Package   Version     Filename
redos   7.3       x86_64         frr       <= 9.1-1    UNKNOWN
