CVE-2007-1995 in Quaggainfo

Summary

bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

04/11/2007

Disclosure

04/12/2007

Moderation

VulDB entry created

Entries

1: VDB-36137

CPE

ready

CWE

CWE-20 (Confirmed)

CVSS

6.5

EPSS

0.01416

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2007-1995
NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-1995
CVE Details	https://www.cvedetails.com/cve/CVE-2007-1995/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!