[SECURITY] [DSA 6347-1] bird2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6347-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 15, 2026 https://www.debian.org/security/faq -...

📄 BIRD 2.18 Stack Buffer Overflow / Denial of Service Scanner

This Metasploit auxiliary module is designed to assess a vulnerability in the BGP implementation of the BIRD Internet Routing Daemon. The module establishes a BGP session with a target router, performs standard protocol negotiation, and then sends a specially crafted BGP UPDATE message containing...

CVE-2026-45047

bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode without restricting the maximum read size. An unauthenticated remote attacker can stream an extremely...

SUSE CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

Linux Distros Unpatched Vulnerability : CVE-2026-49943

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The...

UBUNTU-CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

EUVD-2026-33980

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

BIRD 安全漏洞

BIRD is a full-featured dynamic IP routing daemon developed by BIRD OpenSource. Versions of BIRD prior to 2.19.0 contained security vulnerabilities; these vulnerabilities stemmed from stack buffer overflows in the BGP ASPATH mask matching implementation, which could potentially cause the daemon t...

CVE-2026-45047

bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remote attacker can stream an...

CVE-2026-45047 bird-lg-go: Fatal Out-of-Memory (OOM) Denial of Service via Unbounded JSON Decoding

bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remote attacker can stream an...

CVE-2026-45047 bird-lg-go: Fatal Out-of-Memory (OOM) Denial of Service via Unbounded JSON Decoding

bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remote attacker can stream an...

CVE-2026-45047

bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remote attacker can stream an...

EUVD-2026-32583

bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remote attacker can stream an...

CVE-2026-45047

The CVE affects the Go project bird-lg-go. Before version 1.4.5, apiHandler (and webHandlerTelegramBot) directly decode user-provided JSON via json.NewDecoder(r.Body).Decode(&request) without a maximum read size, enabling an unauthenticated attacker to stream a very large or endless JSON payload ...

Bird-lg-go 资源管理错误漏洞

Bird-lg-go is a BGP routing query tool developed by Yuhui Xu. Versions of Bird-lg-go prior to 1.4.5 contained a resource management vulnerability. This vulnerability stemmed from the apiHandler not limiting the maximum read size when processing the JSON payload provided by users. As a result,...

[SECURITY] Fedora 44 Update: rpki-client-9.8-1.fc44

The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure RPKI for Relying Parties RP to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...

[SECURITY] Fedora 42 Update: rpki-client-9.8-1.fc42

The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure RPKI for Relying Parties RP to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...