CVE-2007-4826

2007-09-1210:17:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

bgpd

quagga

cve-2007-4826

denial of service

bgp

nvd

6.1 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

73.1%

JSON

bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled.

CPENameOperatorVersion
quagga:quaggaquaggaeq0.99.2
quagga:quaggaquaggaeq0.97.5
quagga:quaggaquaggaeq0.95
quagga:quaggaquaggaeq0.98.3
quagga:quaggaquaggaeq0.96.3
quagga:quaggaquaggaeq0.99.4
quagga:quaggaquaggaeq0.99.7
quagga:quaggaquaggaeq0.99.5
quagga:quaggaquaggaeq0.96.5
quagga:quaggaquaggaeq0.98.0

CPE	Name	Operator	Version
quagga:quagga	quagga	eq	0.99.2
quagga:quagga	quagga	eq	0.97.5
quagga:quagga	quagga	eq	0.95
quagga:quagga	quagga	eq	0.98.3
quagga:quagga	quagga	eq	0.96.3
quagga:quagga	quagga	eq	0.99.4
quagga:quagga	quagga	eq	0.99.7
quagga:quagga	quagga	eq	0.99.5
quagga:quagga	quagga	eq	0.96.5
quagga:quagga	quagga	eq	0.98.0