QwikSec

Security Database

CVE

CWE

Training

CVE-2007-1995

Published: Apr 12, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_SECTRACK

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_SUNALERT

vendor-advisory

x_refsource_DEBIAN

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

http://bugzilla.quagga.net/show_bug.cgi?id=354

x_refsource_CONFIRM

vendor-advisory

x_refsource_TRUSTIX

OpenPKG-SA-2007.015

vendor-advisory

x_refsource_OPENPKG

vendor-advisory

x_refsource_REDHAT

SUSE-SR:2007:009

vendor-advisory

x_refsource_SUSE

oval:org.mitre.oval:def:11048

vdb-entry

signature

x_refsource_OVAL

http://www.quagga.net/news2.php?y=2007&m=4&d=8#id1176073740

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

quagga-bgpattributes-dos(33547)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_UBUNTU

http://bugzilla.quagga.net/show_bug.cgi?id=355

x_refsource_CONFIRM

vendor-advisory

x_refsource_MANDRIVA

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.