Back to CVE Browser

CVE-2017-15865

HIGH

7.5

CVSS Severity Score

EPSS Score0.1330%

EPSS Percentile26.94th

PublishedNov 8, 2017

Last ModifiedMay 13, 2026

Vulnerability Description

bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492).

Affected Platforms (CPE)

📦

Frrouting

Frrouting

< 2.0.2

📦

Frrouting

Frrouting

= 3.0

📦

Frrouting

Frrouting

= 3.0

📦

Frrouting

Frrouting

= 3.0

📦

Frrouting

Frrouting

= 3.0

📦

Frrouting

Frrouting

= 3.0

📦

Frrouting

Frrouting

= 3.0.1

References & Advisories

🔗 http://www.securityfocus.com/bid/101794

🔗 https://frrouting.org/community/security.html

🔗 https://lists.cumulusnetworks.com/pipermail/cumulus-security-announce/2017-November/000009.html

🔗 https://support.cumulusnetworks.com/hc/en-us/articles/115014754307#rn690

🔗 https://support.cumulusnetworks.com/hc/en-us/articles/115014778107-CVE-2017-15865-Malformed-BGP-UPDATE-Triggers-Information-Disclosure

🔗 http://www.securityfocus.com/bid/101794

🔗 https://frrouting.org/community/security.html

🔗 https://lists.cumulusnetworks.com/pipermail/cumulus-security-announce/2017-November/000009.html

Related Vulnerabilities

CVE-2019-58926.5

bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 ...

CVE-2020-128315.3

An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init scr...

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...