CVE-2012-0250

Severity
3.3 LOW
EPSS
0.3%
top 49.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 5
Latest update: May 4

Description

Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field.

CVSS vector

AV:A/AC:L/C:N/I:N/A:P
Exploitability: 6.5 | Impact: 2.9

Affected Packages: 1 package

NVD: quagga/quagga 0.99.20 +19

Vulnerability Details (2)

GHSA
GHSA-w6rh-c4vv-wcr5: Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0 (2022-05-04)
CVEList
CVE-2012-0250: Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0 (2012-04-05)

Vendor Advisories (2)

Ubuntu
Quagga vulnerabilities (2012-05-15)
Red Hat
(ospfd): Crash by processing LS-Update OSPF packet due improper length check of the Network-LSA structures (2012-03-28)

Community (2)

Bugzilla
CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 quagga various flaws [fedora-all] (2012-03-30)
Bugzilla
CVE-2012-0250 quagga (ospfd): Crash by processing LS-Update OSPF packet due improper length check of the Network-LSA structures (2012-03-13)
CVE-2012-0250 (LOW CVSS 3.3) | Buffer overflow in the OSPFv2 imple | cvebase.io