6.3

CVE-2007-1995

bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QuaggaQuagga Version <= 0.98.6
QuaggaQuagga Version0.95
QuaggaQuagga Version0.96
QuaggaQuagga Version0.96.1
QuaggaQuagga Version0.96.2
QuaggaQuagga Version0.96.3
QuaggaQuagga Version0.96.4
QuaggaQuagga Version0.96.5
QuaggaQuagga Version0.97.0
QuaggaQuagga Version0.97.1
QuaggaQuagga Version0.97.2
QuaggaQuagga Version0.97.3
QuaggaQuagga Version0.97.4
QuaggaQuagga Version0.97.5
QuaggaQuagga Version0.98.0
QuaggaQuagga Version0.98.1
QuaggaQuagga Version0.98.2
QuaggaQuagga Version0.98.3
QuaggaQuagga Version0.98.4
QuaggaQuagga Version0.98.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.74% 0.748
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.3 6.8 6.9
AV:N/AC:M/Au:S/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/25119
Vendor Advisory
http://www.novell.com/linux/security/advisories/2007_9_sr.html
http://bugzilla.quagga.net/show_bug.cgi?id=354
http://bugzilla.quagga.net/show_bug.cgi?id=355
http://secunia.com/advisories/24808
Vendor Advisory
http://secunia.com/advisories/25084
Vendor Advisory
http://secunia.com/advisories/25255
Vendor Advisory
http://secunia.com/advisories/25293
Vendor Advisory
http://secunia.com/advisories/25312
Vendor Advisory
http://secunia.com/advisories/25428
Vendor Advisory
http://secunia.com/advisories/29743
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200705-05.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1
http://www.debian.org/security/2007/dsa-1293
http://www.mandriva.com/security/advisories?name=MDKSA-2007:096
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.015.html
http://www.quagga.net/news2.php?y=2007&m=4&d=8#id1176073740
http://www.redhat.com/support/errata/RHSA-2007-0389.html
http://www.securityfocus.com/bid/23417
http://www.securitytracker.com/id?1018142
http://www.trustix.org/errata/2007/0017/
http://www.ubuntu.com/usn/usn-461-1
http://www.vupen.com/english/advisories/2007/1336
Vendor Advisory
http://www.vupen.com/english/advisories/2008/1195/references
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33547
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11048