Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2007-1995

Опубликовано: 12 апр. 2007
Источник: nvd
CVSS2: 6.3
EPSS Низкий

Описание

bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*
Версия до 0.98.6 (включая)
cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*
cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*

EPSS

Процентиль: 77%
0.01103
Низкий

6.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2007-1995

ubuntu
около 18 лет назад

bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.

redhat логотип

CVE-2007-1995

redhat
около 18 лет назад

bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.

debian логотип

CVE-2007-1995

debian
около 18 лет назад

bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0 ...

github логотип

GHSA-83w3-xxm9-4ff8

github
около 3 лет назад

bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.

oracle-oval логотип

ELSA-2007-0389

oracle-oval
около 18 лет назад

ELSA-2007-0389: Moderate: quagga security update (MODERATE)

EPSS

Процентиль: 77%
0.01103
Низкий

6.3 Medium

CVSS2

Дефекты

CWE-20
Уязвимость CVE-2007-1995