Executive Summary

Informations
NameCVE-2019-5892First vendor Publication2019-01-10
VendorCveLast vendor Modification2019-02-15

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Cvss Base Score4Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score8AuthenticationRequires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0.4, 4.x before 4.0.1, 5.x before 5.0.2, and 6.x before 6.0.2 (not affecting Cumulus Linux or VyOS), when ENABLE_BGP_VNC is used for Virtual Network Control, allows remote attackers to cause a denial of service (peering session flap) via attribute 255 in a BGP UPDATE packet. This occurred during Disco in January 2019 because FRR does not implement RFC 7606, and therefore the packets with 255 were considered invalid VNC data and the BGP session was closed.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5892

CWE : Common Weakness Enumeration

%idName
100 %CWE-20Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1

Sources (Detail)

SourceUrl
CONFIRM https://frrouting.org/community/security/cve-2019-5892.html
MISC https://github.com/FRRouting/frr/commit/943d595a018e69b550db08cccba1d0778a86705a
https://github.com/FRRouting/frr/releases/tag/frr-3.0.4
https://github.com/FRRouting/frr/releases/tag/frr-4.0.1
https://github.com/FRRouting/frr/releases/tag/frr-5.0.2
https://github.com/FRRouting/frr/releases/tag/frr-6.0.2
https://lists.frrouting.org/pipermail/frog/2019-January/000404.html

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2019-02-16 12:09:08
  • Multiple Updates
2019-01-11 17:19:07
  • Multiple Updates
2019-01-10 21:19:00
  • First insertion