CVE-2007-1995

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2007-1995

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2007-1995.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2007-1995

Related

Withdrawn

2024-06-30T13:40:11.047682Z

Published

2007-04-12T10:19:00Z

Modified

2024-04-11T07:40:47Z

Summary

[none]

Details

bgpd/bgpattr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MPREACHNLRI and MPUNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.

References

Affected packages

Debian:10 / quagga

Package

Name: quagga
Purl: pkg:deb/debian/quagga?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.99.6-5

Ecosystem specific

{
    "urgency": "low"
}