Severity
2.6 LOW
EPSS
1.0%
top 23.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 24
Latest update: May 14

Description

Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA.

CVSS vector

AV:N/AC:H/C:N/I:N/A:P
Exploitability: 4.9 | Impact: 2.9

Affected Packages (2 packages)

Ubuntu: quagga < 0.99.22.4-1
NVD: quagga/quagga 0.99.22.1 +1

🔴Vulnerability Details

4
GHSA
GHSA-4pv9-4pjh-rpv5: Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api (2022-05-14)
OSV
quagga vulnerabilities (2016-03-24)
CVEList
CVE-2013-2236: Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api (2013-10-24)
OSV
CVE-2013-2236: Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api (2013-10-23)

📋Vendor Advisories

2
Ubuntu
Quagga vulnerabilities (2016-03-24)
Red Hat
Quagga: OSPFD Potential remote code exec (stack based buffer overflow) (2013-07-02)

💬Community

2
Bugzilla
quagga: CVE-2013-2236 Quagga: OSPFD Potential remote code exec (stack based buffer overflow) [fedora-all] (2013-07-04)
Bugzilla
CVE-2013-2236 Quagga: OSPFD Potential remote code exec (stack based buffer overflow) (2013-07-04)
CVE-2013-2236 (LOW CVSS 2.6) | Stack-based buffer overflow in the | cvebase.io