PT-2013-5938 · Quagga · Quagga

Christian Hammers

Published

2013-12-14

Updated

2013-12-16

CVE-2013-6051

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Quagga version 0.99.21

Description The issue is related to the bgp attr unknown function in bgp attr.c, which does not properly initialize the total variable. This allows remote attackers to cause a denial of service by crashing bgpd via a crafted BGP update.

Recommendations For Quagga version 0.99.21, consider applying a patch that properly initializes the total variable in the bgp attr unknown function to prevent the denial of service.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2013-6051

DSA-2803-1

Affected Products

Quagga

PT-2013-5938 · Quagga · Quagga

CVE-2013-6051

Related Identifiers

Affected Products

References · 5