Severity
5.0 MEDIUM
EPSS
4.5%
top 10.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 10
Latest update: May 14

Description

The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: quagga/quagga 0.99.18 (+37)

🔴 Vulnerability Details (2)

GHSA
GHSA-rj3r-354g-32cw: The OSPFv3 implementation in ospf6d in Quagga before 0 (2022-05-14)
CVEList
CVE-2011-3323: The OSPFv3 implementation in ospf6d in Quagga before 0 (2011-10-10)

📋 Vendor Advisories (2)

Ubuntu
Quagga vulnerabilities (2011-11-14)
Red Hat
(ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA (2011-09-26)

💬 Community (2)

Bugzilla
CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 quagga various flaws [fedora-all] (2011-09-26)
Bugzilla
CVE-2011-3323 Quagga (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA (2011-09-14)
CVE-2011-3323 (MEDIUM CVSS 5) | The OSPFv3 implementation in ospf6d | cvebase.io