CVE-2011-3327

CWE-119Buffer OverflowCWE-122Heap-based Buffer Overflow7 documents6 sources
Severity
7.5HIGH
EPSS
20.4%
top 4.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Quagga Quagga
Timeline
PublishedOct 10
Latest updateMay 14

Description

Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity.c in bgpd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDquagga/quagga0.99.18+37

🔴Vulnerability Details

2
GHSA
GHSA-3f8p-77gw-5f5c: Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity2022-05-14
CVEList
CVE-2011-3327: Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity2011-10-10

📋Vendor Advisories

2
Ubuntu
Quagga vulnerabilities2011-11-14
Red Hat
(bgpd): Heap-based buffer overflow by decoding BGP UPDATE message with unknown AS_PATH attributes2011-09-26

💬Community

2
Bugzilla
CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327 quagga various flaws [fedora-all]2011-09-26
Bugzilla
CVE-2011-3327 Quagga (bgpd): Heap-based buffer overflow by decoding BGP UPDATE message with unknown AS_PATH attributes2011-09-14
CVE-2011-3327 (HIGH CVSS 7.5) | Heap-based buffer overflow in the e | cvebase.io