Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP (v4) Too Big packet generation. After a bpf_xdp_adjust_head call, Katran code didn’t initialize the Identification field for the IPv4 header, resulting in writing content of kernel memory in that field of IP header. The issue affected all Katran versions prior to commit 6a03106ac1eab39d0303662963589ecb2374c97f
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Meta Katran 安全漏洞
Vulnerability Description
Meta Katran是美国Meta公司的一个 C++ 库和 BPF 程序。用于构建高性能第 4 层负载均衡转发平面。 Meta Katran存在安全漏洞,该漏洞源于可以将未初始化的内核内存作为IP标头的一部分公开。
CVSS Information
N/A
Vulnerability Type
N/A