Lucene search

[email protected]CVE-2013-2236

HistoryOct 24, 2013 - 3:48 a.m.

CVE-2013-2236

2013-10-2403:48:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2013-2236

stack-based buffer overflow

ospfd

quagga

denial of service

nvd

vulnerability

8.6 High

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.053 Low

EPSS

Percentile

93.0%

JSON

Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA.

CPENameOperatorVersion
quagga:quaggaquaggale0.99.22.1
quagga:quaggaquaggaeq0.99.22

CPE	Name	Operator	Version
quagga:quagga	quagga	le	0.99.22.1
quagga:quagga	quagga	eq	0.99.22

References

git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=3f872fe60463a931c5c766dbf8c36870c0023e88

lists.quagga.net/pipermail/quagga-dev/2013-July/010622.html

nongnu.mirrors.hostinginnederland.nl//quagga/quagga-0.99.22.3.changelog.txt

rhn.redhat.com/errata/RHSA-2017-0794.html

seclists.org/oss-sec/2013/q3/24

www.debian.org/security/2013/dsa-2803

www.securityfocus.com/bid/60955

www.ubuntu.com/usn/USN-2941-1

8.6 High

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.053 Low

EPSS

Percentile

93.0%

JSON

Related for CVE-2013-2236

prion1 nessus12 ubuntucve1 openvas8 mageia1 veracode1 debiancve1 securityvulns2 debian1 osv1 ubuntu1 redhat1 centos1 gentoo1 oraclelinux1