Lucene search

K
cve[email protected]CVE-2012-0255
HistoryApr 05, 2012 - 1:25 p.m.

CVE-2012-0255

2012-04-0513:25:00
CWE-119
web.nvd.nist.gov
49
quagga
bgpd
denial of service
vulnerability
as4 capability
cve-2012-0255

8.8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.028 Low

EPSS

Percentile

90.4%

The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability).

8.8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.028 Low

EPSS

Percentile

90.4%

Related for CVE-2012-0255