Malicious code in 3sfe (npm)

The package 3sfe was found to contain malicious code...

CVE-2023-24545

CVE-2023-24545 affects Arista CloudEOS, with a vulnerability in the Software Forwarding Engine (Sfe) that can cause a denial-of-service by sending malformed packets to the switch. The advisory lists multiple affected CloudEOS trains and versions: CloudEOS 4.29.1F and below (4.29.x), 4.28.4M and b...

CVE-2023-24513 On affected platforms running Arista CloudEOS a size check bypass issue in the Software Forwarding Engine (Sfe) may allow buffer over reads in later code. Additionally, depending on configured options this may cause a recomputation of the TCP checksum ...

On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine Sfe can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually st...

CVE-2023-24513

CVE-2023-24513 affects Arista CloudEOS Sfe in multiple CloudEOS trains. The issue is a size-check bypass in the Software Forwarding Engine that can lead to buffer over-reads and, depending on options, TCP checksum recomputation, potentially enabling DoS via malformed packets and packet-buffer lea...