CVE-2009-1572
6.3 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.109 Low
EPSS
Percentile
95.0%
The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311
lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
marc.info/?l=quagga-dev&m=123364779626078&w=2
secunia.com/advisories/34999
secunia.com/advisories/35061
secunia.com/advisories/35203
secunia.com/advisories/35685
thread.gmane.org/gmane.network.quagga.devel/6513
www.debian.org/security/2009/dsa-1788
www.mandriva.com/security/advisories?name=MDVSA-2009:109
www.openwall.com/lists/oss-security/2009/05/01/1
www.openwall.com/lists/oss-security/2009/05/01/2
www.osvdb.org/54200
www.securityfocus.com/bid/34817
www.securitytracker.com/id?1022164
www.ubuntu.com/usn/usn-775-1
exchange.xforce.ibmcloud.com/vulnerabilities/50317
www.redhat.com/archives/fedora-package-announce/2009-May/msg01037.html
www.redhat.com/archives/fedora-package-announce/2009-May/msg01107.html
Related
6.3 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.109 Low
EPSS
Percentile
95.0%