CVE-2011-3326

CWE-3997 documents6 sources
Severity
5.0MEDIUM
EPSS
4.2%
top 11.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Quagga Quagga
Timeline
PublishedOct 10
Latest updateMay 14

Description

The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via an invalid Link State Advertisement (LSA) type in an IPv4 Link State Update message.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDquagga/quagga0.99.18+37

🔴Vulnerability Details

2
GHSA
GHSA-xrjp-rhjh-9hxf: The ospf_flood function in ospf_flood2022-05-14
CVEList
CVE-2011-3326: The ospf_flood function in ospf_flood2011-10-10

📋Vendor Advisories

2
Ubuntu
Quagga vulnerabilities2011-11-14
Red Hat
(ospfd): Denial of service by decoding Link State Update LSAs of unknown type2011-09-26

💬Community

2
Bugzilla
CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 quagga various flaws [fedora-all]2011-09-26
Bugzilla
CVE-2011-3326 Quagga (ospfd): Denial of service by decoding Link State Update LSAs of unknown type2011-09-14
CVE-2011-3326 (MEDIUM CVSS 5) | The ospf_flood function in ospf_flo | cvebase.io