Quagga: >> Quagga >> 0.99.14 Security Vulnerabilities
Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message.
CVSS Score
6.5
EPSS Score
0.07
Published
2010-09-10
bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message.
CVSS Score
5.0
EPSS Score
0.046
Published
2010-09-10
Page 3