QwikSec

Security Database

CVE

CWE

Training

CVE-2013-2236

Published: Oct 24, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_REDHAT

vdb-entry

x_refsource_BID

http://nongnu.mirrors.hostinginnederland.nl//quagga/quagga-0.99.22.3.changelog.txt

x_refsource_CONFIRM

http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=3f872fe60463a931c5c766dbf8c36870c0023e88

x_refsource_CONFIRM

[quagga-dev] 20130702 [quagga-dev 10568] ospfd, new_msg_lsa_change_notify: looks like a buffer overflow

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_DEBIAN

[oss-security] 20130703 Re: CVE request: Quagga OSPF-API stack overrun

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.