CVE-2017-15865: Malformed BGP UPDATE Triggers Information Disclosure


Note: This issue was announced on the Cumulus Networks security announcement mailing list on November 6, 2017.

An issue has been found in the FRRouting bgpd daemon (CVE-2017-15865). This issue has been fixed in Cumulus Linux 3.4.3, and patched upstream in all FRR versions (2.0, 3.0).

If a connected BGP peer sends a malformed BGP UPDATE packet to bgpd, bgpd may return up to 4075 bytes of data that should not have been sent to the requestor. The extra data sent may contain sensitive information.

There is no known denial of service; however, there is a theoretical possibility of a bgpd crash. In that case, bgpd would normally be restarted automatically by the watchfrr daemon.
