CVE-2013-2236

Name of the Vulnerable Software and Affected Versions Quagga versions prior to 0.99.22.2 Quagga versions prior to 0.99.22.4

Description The issue is related to a stack-based buffer overflow in the new msg lsa change notify function within the OSPFD API. This can be exploited by remote attackers to cause a denial of service, specifically a crash, by sending a large LSA when certain conditions are met, such as the use of --enable-opaque-lsa and the -a command line option. Multiple vulnerabilities in the Quagga package can lead to disruption of protected information availability, and these can be exploited remotely.

Recommendations For versions prior to 0.99.22.2, update to version 0.99.22.2 or later. For versions prior to 0.99.22.4, update to version 0.99.22.4 or later. As a temporary workaround, consider restricting access to the OSPFD API or disabling the new msg lsa change notify function until a patch is available.