CVE-2007-1995

Quagga bgpd DoS

  • Severity Score: 6.3 (CVSS v2)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: Single
  • Confidentiality: None
  • Integrity: None
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2007-04-11 CVE Reserved
  • 2007-04-12 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-09-04 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (28)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Quagga | Quagga | <= 0.98.6 | - | Affected
Quagga | Quagga | 0.95 | - | Affected
Quagga | Quagga | 0.96 | - | Affected
Quagga | Quagga | 0.96.1 | - | Affected
Quagga | Quagga | 0.96.2 | - | Affected
Quagga | Quagga | 0.96.3 | - | Affected
Quagga | Quagga | 0.96.4 | - | Affected
Quagga | Quagga | 0.96.5 | - | Affected
Quagga | Quagga | 0.97.0 | - | Affected
Quagga | Quagga | 0.97.1 | - | Affected
Quagga | Quagga | 0.97.2 | - | Affected
Quagga | Quagga | 0.97.3 | - | Affected
Quagga | Quagga | 0.97.4 | - | Affected
Quagga | Quagga | 0.97.5 | - | Affected
Quagga | Quagga | 0.98.0 | - | Affected
Quagga | Quagga | 0.98.1 | - | Affected
Quagga | Quagga | 0.98.2 | - | Affected
Quagga | Quagga | 0.98.3 | - | Affected
Quagga | Quagga | 0.98.4 | - | Affected
Quagga | Quagga | 0.98.5 | - | Affected