Lucene search

K

[email protected]NVD:CVE-2013-2236

HistoryOct 24, 2013 - 3:48 a.m.

CVE-2013-2236

2013-10-2403:48:46

CWE-119

[email protected]

web.nvd.nist.gov

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

7.1 High

AI Score

Confidence

High

0.053 Low

EPSS

Percentile

93.1%

Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA.

Affected configurations

NVD

Node

quaggaquaggaRange≤0.99.22.1

OR

quaggaquaggaMatch0.99.22

References

git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=3f872fe60463a931c5c766dbf8c36870c0023e88

lists.quagga.net/pipermail/quagga-dev/2013-July/010622.html

nongnu.mirrors.hostinginnederland.nl//quagga/quagga-0.99.22.3.changelog.txt

rhn.redhat.com/errata/RHSA-2017-0794.html

seclists.org/oss-sec/2013/q3/24

www.debian.org/security/2013/dsa-2803

www.securityfocus.com/bid/60955

www.ubuntu.com/usn/USN-2941-1

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

7.1 High

AI Score

Confidence

High

0.053 Low

EPSS

Percentile

93.1%

Related for NVD:CVE-2013-2236

cve1 debiancve1 veracode1 nessus13 ubuntucve1 prion1 openvas8 mageia1 cvelist1 osv1 debian1 securityvulns2 ubuntu1 gentoo1 centos1 redhat1 oraclelinux1