FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).
The product does not validate or incorrectly validates the integrity check values or “checksums” of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Frrouting | Frrouting | 7.5.1 (including) | 9.0 (including) |
Picos | Pica8 | 4.3.3.2 (including) | 4.3.3.2 (including) |