The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Big-ip_next | F5 | 20.0.1 (including) | 20.0.1 (including) |
References
- https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
- https://my.f5.com/manage/s/article/K000137315
- https://www.ipinfusion.com/doc_prod_cat/zebos/
- https://www.kb.cert.org/vuls/id/347067
- https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
- https://my.f5.com/manage/s/article/K000137315
- https://www.ipinfusion.com/doc_prod_cat/zebos/
- https://www.kb.cert.org/vuls/id/347067