CVE-2012-0255

CWE-119 โ€” Buffer Overflow7 documents6 sources
Severity
5.0MEDIUM
EPSS
0.9%
top 23.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Quagga Quagga
Timeline
PublishedApr 5
Latest updateMay 4

Description

The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability).

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

โ–ถNVDquagga/quagga0.99.20+39

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-6f58-2f4p-jjcw: The BGP implementation in bgpd in Quagga before 0โ†—2022-05-04
โ–ถ
CVEList
CVE-2012-0255: The BGP implementation in bgpd in Quagga before 0โ†—2012-04-05
โ–ถ

๐Ÿ“‹Vendor Advisories

2
Ubuntu
Quagga vulnerabilitiesโ†—2012-05-15
โ–ถ
Red Hat
(bgpd): Assertion failure by processing malformed AS4 capability in BGP OPEN messageโ†—2012-03-28
โ–ถ

๐Ÿ’ฌCommunity

2
Bugzilla
CVE-2012-0249 CVE-2012-0250 CVE-2012-0255 quagga various flaws [fedora-all]โ†—2012-03-30
โ–ถ
Bugzilla
CVE-2012-0255 quagga (bgpd): Assertion failure by processing malformed AS4 capability in BGP OPEN messageโ†—2012-03-13
โ–ถ
CVE-2012-0255 (MEDIUM CVSS 5) | The BGP implementation in bgpd in Q | cvebase.io