CVE-2012-5521
published 2019-11-25
CVE-2012-5521: quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal
Priority: P4 · 25 · medium · 6.5 · CVSS 3.1
AV:A AC:L PR:N UI:N S:U C:N I:N A:H
EPSS: 1.49% (70.9th percentile)
quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| quagga | quagga | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
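| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 3.3 | LOW | AV:A/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 6.5 | MEDIUM | — |
| vendor_redhat | — | 6.5 | MEDIUM | — |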
GHSA
GHSA-r8m3-p659-7pmw: quagga (ospf6d) 0
ghsa_unreviewed·2022-04-23
CVE-2012-5521 [MEDIUM] CWE-617 GHSA-r8m3-p659-7pmw: quagga (ospf6d) 0
quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal
OSV
CVE-2012-5521: quagga (ospf6d) 0
osv·2019-11-25·CVSS 6.5
CVE-2012-5521 [MEDIUM] CVE-2012-5521: quagga (ospf6d) 0
quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal
Red Hat
(ospf6d): Assertion failure when removing routes (retrieving information which route to remove)
vendor_redhat·2012-11-13·CVSS 6.5
CVE-2012-5521 [MEDIUM] (ospf6d): Assertion failure when removing routes (retrieving information which route to remove)
quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: quagga (Red Hat Enterprise Linux 5) - Will not fix
Package: quagga (Red Hat Enterprise Linux 6) - Will not fix
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-5521 quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove)
bugzilla·2012-11-13·CVSS 6.5
CVE-2012-5521 [MEDIUM] CVE-2012-5521 quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove)
A denial of service flaw was found in the way Quagga's ospf6d daemon performed routes removal. In certain circumstances, when removing the route, the ospf6d daemon terminated with an assertion failure when trying to determine / find which route to remove. An OSPF6 router could use this flaw to cause ospf6d on an adjacent router to abort.
References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693102
Upstream bug report:
[2] https://bugzilla.quagga.net/show_bug.cgi?id=747
Discussion:
This issue affects the versions of the quagga package, as shipped with Red Hat Enterprise Linux 5 and 6.
--
This issue affects the versions of the quagga package, as shipped with Fedo
Bugzilla
CVE-2012-5521 quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove) [fedora-all]
bugzilla·2012-11-13·CVSS 6.5
CVE-2012-5521 [MEDIUM] CVE-2012-5521 quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove) [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi note
http://www.openwall.com/lists/oss-security/2012/11/13/14
http://www.securityfocus.com/bid/56530
https://access.redhat.com/security/cve/cve-2012-5521
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5521
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-5521
https://exchange.xforce.ibmcloud.com/vulnerabilities/80096
https://security-tracker.debian.org/tracker/CVE-2012-5521
Published: 2019-11-25