CVE-2009-1572

The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
quaggaquagga
𝑥
≤ 0.99.11
quaggaquagga
0.95
quaggaquagga
0.96
quaggaquagga
0.96.1
quaggaquagga
0.96.2
quaggaquagga
0.96.3
quaggaquagga
0.96.4
quaggaquagga
0.96.5
quaggaquagga
0.97.0
quaggaquagga
0.97.1
quaggaquagga
0.97.2
quaggaquagga
0.97.3
quaggaquagga
0.97.4
quaggaquagga
0.97.5
quaggaquagga
0.98.0
quaggaquagga
0.98.1
quaggaquagga
0.98.2
quaggaquagga
0.98.3
quaggaquagga
0.98.4
quaggaquagga
0.98.5
quaggaquagga
0.98.6
quaggaquagga
0.99.1
quaggaquagga
0.99.2
quaggaquagga
0.99.3
quaggaquagga
0.99.4
quaggaquagga
0.99.5
quaggaquagga
0.99.6
quaggaquagga
0.99.7
quaggaquagga
0.99.8
quaggaquagga
0.99.9
quaggaquagga
0.99.10
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
quagga
jaunty
Fixed 0.99.11-1ubuntu0.1
released
intrepid
Fixed 0.99.9-6ubuntu0.1
released
hardy
Fixed 0.99.9-2ubuntu1.2
released
dapper
Fixed 0.99.2-1ubuntu3.5
released
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://marc.info/?l=quagga-dev&m=123364779626078&w=2
http://secunia.com/advisories/34999
http://secunia.com/advisories/35061
http://secunia.com/advisories/35203
http://secunia.com/advisories/35685
http://thread.gmane.org/gmane.network.quagga.devel/6513
http://www.debian.org/security/2009/dsa-1788
http://www.mandriva.com/security/advisories?name=MDVSA-2009:109
http://www.openwall.com/lists/oss-security/2009/05/01/1
http://www.openwall.com/lists/oss-security/2009/05/01/2
http://www.osvdb.org/54200
http://www.securityfocus.com/bid/34817
http://www.securitytracker.com/id?1022164
http://www.ubuntu.com/usn/usn-775-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/50317
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01037.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01107.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://marc.info/?l=quagga-dev&m=123364779626078&w=2
http://secunia.com/advisories/34999
http://secunia.com/advisories/35061
http://secunia.com/advisories/35203
http://secunia.com/advisories/35685
http://thread.gmane.org/gmane.network.quagga.devel/6513
http://www.debian.org/security/2009/dsa-1788
http://www.mandriva.com/security/advisories?name=MDVSA-2009:109
http://www.openwall.com/lists/oss-security/2009/05/01/1
http://www.openwall.com/lists/oss-security/2009/05/01/2
http://www.osvdb.org/54200
http://www.securityfocus.com/bid/34817
http://www.securitytracker.com/id?1022164
http://www.ubuntu.com/usn/usn-775-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/50317
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01037.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01107.html