CVE-2011-3324

CWE-399
7 documents, 6 sources
Severity
5.0 MEDIUM
EPSS
4.5%
top 10.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 10
Latest update: May 14

Description

The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database Description message.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: quagga/quagga 0.99.18 (+37)

🔴 Vulnerability Details (2)

GHSA
GHSA-85v8-hgw6-87v8: The ospf6_lsa_is_changed function in ospf6_lsa (2022-05-14)
CVEList
CVE-2011-3324: The ospf6_lsa_is_changed function in ospf6_lsa (2011-10-10)

📋 Vendor Advisories (2)

Ubuntu
Quagga vulnerabilities (2011-11-14)
Red Hat
(ospf6d): Denial of service by decoding malformed Database Description packet headers (2011-09-26)

💬 Community (2)

Bugzilla
CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 quagga various flaws [fedora-all] (2011-09-26)
Bugzilla
CVE-2011-3324 Quagga (ospf6d): Denial of service by decoding malformed Database Description packet headers (2011-09-14)