CVE-2010-2948
(bgpd): Stack buffer overflow by processing certain Route-Refresh messages
Severity Score
6.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message.
Desbordamiento de búfer basado en pila en la función bgp_route_refresh_receive en bgp_packet.c en bgpd en Quagga anterior a v0.99.17, permite a usuarios remotos autenticados provocar una denegación de servicio (caída del demonio) o posiblemente ejecutar código a través de un registro Outbound Route Filtering (ORF) formado de forma errónea en un mensaje BGP ROUTE-REFRESH (RR).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-08-04 CVE Reserved
- 2010-09-08 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-121: Stack-based Buffer Overflow
CAPEC
References (24)
| URL | Tag | Source |
|---|---|---|
| http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3 | X_refsource_confirm | |
| http://secunia.com/advisories/42397 | Third Party Advisory | |
| http://secunia.com/advisories/48106 | Third Party Advisory | |
| http://www.openwall.com/lists/oss-security/2010/08/24/3 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2010/08/25/4 | Mailing List |
|
| http://www.quagga.net/news2.php?y=2010&m=8&d=19 | X_refsource_confirm | |
| http://www.securityfocus.com/bid/42635 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2010/3097 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html | 2023-02-13 | |
| http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html | 2023-02-13 | |
| http://secunia.com/advisories/41038 | 2023-02-13 | |
| http://secunia.com/advisories/41238 | 2023-02-13 | |
| http://secunia.com/advisories/42446 | 2023-02-13 | |
| http://secunia.com/advisories/42498 | 2023-02-13 | |
| http://security.gentoo.org/glsa/glsa-201202-02.xml | 2023-02-13 | |
| http://www.debian.org/security/2010/dsa-2104 | 2023-02-13 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2010:174 | 2023-02-13 | |
| http://www.redhat.com/support/errata/RHSA-2010-0785.html | 2023-02-13 | |
| http://www.redhat.com/support/errata/RHSA-2010-0945.html | 2023-02-13 | |
| http://www.ubuntu.com/usn/USN-1027-1 | 2023-02-13 | |
| http://www.vupen.com/english/advisories/2010/2304 | 2023-02-13 | |
| http://www.vupen.com/english/advisories/2010/3124 | 2023-02-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=626783 | 2010-12-06 | |
| https://access.redhat.com/security/cve/CVE-2010-2948 | 2010-12-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | <= 0.99.16 Search vendor "Quagga" for product "Quagga" and version " <= 0.99.16" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.95 Search vendor "Quagga" for product "Quagga" and version "0.95" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.96 Search vendor "Quagga" for product "Quagga" and version "0.96" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.96.1 Search vendor "Quagga" for product "Quagga" and version "0.96.1" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.96.2 Search vendor "Quagga" for product "Quagga" and version "0.96.2" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.96.3 Search vendor "Quagga" for product "Quagga" and version "0.96.3" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.96.4 Search vendor "Quagga" for product "Quagga" and version "0.96.4" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.96.5 Search vendor "Quagga" for product "Quagga" and version "0.96.5" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.97.0 Search vendor "Quagga" for product "Quagga" and version "0.97.0" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.97.1 Search vendor "Quagga" for product "Quagga" and version "0.97.1" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.97.2 Search vendor "Quagga" for product "Quagga" and version "0.97.2" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.97.3 Search vendor "Quagga" for product "Quagga" and version "0.97.3" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.97.4 Search vendor "Quagga" for product "Quagga" and version "0.97.4" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.97.5 Search vendor "Quagga" for product "Quagga" and version "0.97.5" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.98.0 Search vendor "Quagga" for product "Quagga" and version "0.98.0" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.98.1 Search vendor "Quagga" for product "Quagga" and version "0.98.1" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.98.2 Search vendor "Quagga" for product "Quagga" and version "0.98.2" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.98.3 Search vendor "Quagga" for product "Quagga" and version "0.98.3" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.98.4 Search vendor "Quagga" for product "Quagga" and version "0.98.4" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.98.5 Search vendor "Quagga" for product "Quagga" and version "0.98.5" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.98.6 Search vendor "Quagga" for product "Quagga" and version "0.98.6" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.99.1 Search vendor "Quagga" for product "Quagga" and version "0.99.1" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.99.2 Search vendor "Quagga" for product "Quagga" and version "0.99.2" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.99.3 Search vendor "Quagga" for product "Quagga" and version "0.99.3" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.99.4 Search vendor "Quagga" for product "Quagga" and version "0.99.4" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.99.5 Search vendor "Quagga" for product "Quagga" and version "0.99.5" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.99.6 Search vendor "Quagga" for product "Quagga" and version "0.99.6" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.99.7 Search vendor "Quagga" for product "Quagga" and version "0.99.7" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.99.8 Search vendor "Quagga" for product "Quagga" and version "0.99.8" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.99.9 Search vendor "Quagga" for product "Quagga" and version "0.99.9" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.99.10 Search vendor "Quagga" for product "Quagga" and version "0.99.10" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.99.11 Search vendor "Quagga" for product "Quagga" and version "0.99.11" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.99.12 Search vendor "Quagga" for product "Quagga" and version "0.99.12" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.99.13 Search vendor "Quagga" for product "Quagga" and version "0.99.13" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.99.14 Search vendor "Quagga" for product "Quagga" and version "0.99.14" | - |
Affected
| ||||||
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | 0.99.15 Search vendor "Quagga" for product "Quagga" and version "0.99.15" | - |
Affected
| ||||||