CVE-2012-0249

CWE-119Buffer Overflow8 documents6 sources
Severity
3.3LOW
EPSS
0.5%
top 32.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Quagga Quagga
Timeline
PublishedApr 5
Latest updateMay 4

Description

Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header.

CVSS vector

AV:A/AC:L/C:N/I:N/A:PExploitability: 6.5 | Impact: 2.9

Affected Packages1 packages

NVDquagga/quagga0.99.20+39

Patches

Patch: www.kb.cert.orgPatch: bugzilla.quagga.netPatch: www.kb.cert.org

🔴Vulnerability Details

2
GHSA
GHSA-x6mq-qm3w-f3w3: Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet2022-05-04
CVEList
CVE-2012-0249: Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet2012-04-05

📋Vendor Advisories

2
Ubuntu
Quagga vulnerabilities2012-05-15
Red Hat
(ospfd): Assertion failure due improper length check for a received LS-Update OSPF packet2012-03-28

💬Community

2
Bugzilla
CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 quagga various flaws [fedora-all]2012-03-30
Bugzilla
CVE-2012-0249 quagga (ospfd): Assertion failure due improper length check for a received LS-Update OSPF packet2012-03-13
CVE-2012-0249 (LOW CVSS 3.3) | Buffer overflow in the ospf_ls_upd_ | cvebase.io