Lucene search
K

259 matches found

OSV
OSV
added 2026/06/25 6:26 p.m.3 views

GO-2026-5077 Bird-lg-go has a Fatal Out-of-Memory (OOM) Denial of Service via Unbounded JSON Decoding in github.com/xddxdd/bird-lg-go

Bird-lg-go has a Fatal Out-of-Memory OOM Denial of Service via Unbounded JSON Decoding in github.com/xddxdd/bird-lg-go...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References4
Fedora
Fedora
added 2026/06/17 8:26 a.m.26 views

[SECURITY] Fedora 43 Update: bird-3.3.1-1.fc43

BIRD is a dynamic IP routing daemon supporting both, IPv4 and IPv6, Border Gateway Protocol BGPv4, Routing Information Protocol RIPv2, RIPng, Open Shortest Path First protocol OSPFv2, OSPFv3, Babel Routing Protocol Babel, Bidirectional Forwarding Detection BFD, IPv6 router advertisements, static...

5.3AI score
Exploits0
Debian
Debian
added 2026/06/15 8:30 p.m.11 views

[SECURITY] [DSA 6347-1] bird2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6347-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 15, 2026 https://www.debian.org/security/faq -...

5.3AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/12 12:0 a.m.65 views

📄 BIRD 2.18 Stack Buffer Overflow / Denial of Service Scanner

This Metasploit auxiliary module is designed to assess a vulnerability in the BGP implementation of the BIRD Internet Routing Daemon. The module establishes a BGP session with a target router, performs standard protocol negotiation, and then sends a specially crafted BGP UPDATE message containing...

6.3CVSS5.3AI score0.003EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-45047

bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode without restricting the maximum read size. An unauthenticated remote attacker can stream an extremely...

7.5CVSS5.5AI score0.00441EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.12 views

SUSE CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

6.3CVSS6.1AI score0.003EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.27 views

Linux Distros Unpatched Vulnerability : CVE-2026-49943

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The...

6.3CVSS5.9AI score0.003EPSS
Exploits2References3
OSV
OSV
added 2026/06/02 5:16 p.m.9 views

UBUNTU-CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

6.3CVSS5.7AI score0.003EPSS
Exploits2References3
Cvelist
Cvelist
added 2026/06/02 4:16 p.m.40 views

CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

6.3CVSS0.003EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/06/02 4:16 p.m.10 views

CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

6.3CVSS6.1AI score0.003EPSS
Exploits2References2
Debian CVE
Debian CVE
added 2026/06/02 4:16 p.m.13 views

CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

6.3CVSS6.1AI score0.003EPSS
Exploits2
EUVD
EUVD
added 2026/06/02 4:16 p.m.17 views

EUVD-2026-33980

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

6.3CVSS6.1AI score0.003EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

BIRD 安全漏洞

BIRD is a full-featured dynamic IP routing daemon developed by BIRD OpenSource. Versions of BIRD prior to 2.19.0 contained security vulnerabilities; these vulnerabilities stemmed from stack buffer overflows in the BGP ASPATH mask matching implementation, which could potentially cause the daemon t...

6.3CVSS5.6AI score0.003EPSS
Exploits2References2
NVD
NVD
added 2026/05/27 6:16 p.m.18 views

CVE-2026-45047

bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remote attacker can stream an...

7.5CVSS0.00441EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 4:37 p.m.45 views

CVE-2026-45047 bird-lg-go: Fatal Out-of-Memory (OOM) Denial of Service via Unbounded JSON Decoding

bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remote attacker can stream an...

7.5CVSS0.00441EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 4:37 p.m.10 views

CVE-2026-45047 bird-lg-go: Fatal Out-of-Memory (OOM) Denial of Service via Unbounded JSON Decoding

bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remote attacker can stream an...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 4:37 p.m.10 views

CVE-2026-45047

bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remote attacker can stream an...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/27 4:37 p.m.20 views

CVE-2026-45047

The CVE affects the Go project bird-lg-go. Before version 1.4.5, apiHandler (and webHandlerTelegramBot) directly decode user-provided JSON via json.NewDecoder(r.Body).Decode(&request) without a maximum read size, enabling an unauthenticated attacker to stream a very large or endless JSON payload ...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 4:37 p.m.13 views

EUVD-2026-32583

bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler and similarly webHandlerTelegramBot processes user-provided JSON payloads by directly using json.NewDecoderr.Body.Decode&request without restricting the maximum read size. An unauthenticated remote attacker can stream an...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

Bird-lg-go 资源管理错误漏洞

Bird-lg-go is a BGP routing query tool developed by Yuhui Xu. Versions of Bird-lg-go prior to 1.4.5 contained a resource management vulnerability. This vulnerability stemmed from the apiHandler not limiting the maximum read size when processing the JSON payload provided by users. As a result,...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References1
Rows per page
Query Builder