Vulnerabilities

CVE-2007-1995

by Fred · 12/04/2007

bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.

Date published : 2007-04-12

http://www.securityfocus.com/bid/23417

http://bugzilla.quagga.net/show_bug.cgi?id=354

Similar

Tags: Cybersecurity Alert