High severity7.5NVD Advisory· Published Nov 8, 2017· Updated May 13, 2026

CVE-2017-15865

Description

bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492).

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/101794nvdThird Party AdvisoryVDB Entry
frrouting.org/community/security.htmlnvdIssue TrackingVendor Advisory
lists.cumulusnetworks.com/pipermail/cumulus-security-announce/2017-November/000009.htmlnvdIssue TrackingThird Party Advisory
support.cumulusnetworks.com/hc/en-us/articles/115014754307nvdIssue TrackingThird Party Advisory
support.cumulusnetworks.com/hc/en-us/articles/115014778107-CVE-2017-15865-Malformed-BGP-UPDATE-Triggers-Information-DisclosurenvdIssue TrackingThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000