CVE-2010-1675

bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
quaggaquagga
𝑥
≤ 0.99.17
quaggaquagga
0.95
quaggaquagga
0.96
quaggaquagga
0.96.1
quaggaquagga
0.96.2
quaggaquagga
0.96.3
quaggaquagga
0.96.4
quaggaquagga
0.96.5
quaggaquagga
0.97.0
quaggaquagga
0.97.1
quaggaquagga
0.97.2
quaggaquagga
0.97.3
quaggaquagga
0.97.4
quaggaquagga
0.97.5
quaggaquagga
0.98.0
quaggaquagga
0.98.1
quaggaquagga
0.98.2
quaggaquagga
0.98.3
quaggaquagga
0.98.4
quaggaquagga
0.98.5
quaggaquagga
0.98.6
quaggaquagga
0.99.1
quaggaquagga
0.99.2
quaggaquagga
0.99.3
quaggaquagga
0.99.4
quaggaquagga
0.99.5
quaggaquagga
0.99.6
quaggaquagga
0.99.7
quaggaquagga
0.99.8
quaggaquagga
0.99.9
quaggaquagga
0.99.10
quaggaquagga
0.99.11
quaggaquagga
0.99.12
quaggaquagga
0.99.13
quaggaquagga
0.99.14
quaggaquagga
0.99.15
quaggaquagga
0.99.16
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
quagga
dapper
not-affected
hardy
Fixed 0.99.9-2ubuntu1.5
released
karmic
Fixed 0.99.13-1ubuntu0.2
released
lucid
Fixed 0.99.15-1ubuntu0.2
released
maverick
Fixed 0.99.17-1ubuntu0.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libospf0
suse enterprise sap 12 SP5
1.1.1-17.7.1
fixed
suse enterprise server 12 SP4
1.1.1-17.7.1
fixed
suse enterprise server 12 SP5
1.1.1-17.7.1
fixed
libospfapiclient0
suse enterprise sap 12 SP5
1.1.1-17.7.1
fixed
suse enterprise server 12 SP4
1.1.1-17.7.1
fixed
suse enterprise server 12 SP5
1.1.1-17.7.1
fixed
libquagga_pb0
suse enterprise sap 12 SP5
1.1.1-17.7.1
fixed
suse enterprise server 12 SP4
1.1.1-17.7.1
fixed
suse enterprise server 12 SP5
1.1.1-17.7.1
fixed
libzebra1
suse enterprise sap 12 SP5
1.1.1-17.7.1
fixed
suse enterprise server 12 SP4
1.1.1-17.7.1
fixed
suse enterprise server 12 SP5
1.1.1-17.7.1
fixed
quagga
suse enterprise sap 12 SP5
1.1.1-17.7.1
fixed
suse enterprise server 12 SP4
1.1.1-17.7.1
fixed
suse enterprise server 12 SP5
1.1.1-17.7.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
quagga
RHEL 6
0:0.99.15-5.el6_0.2
fixed
quagga-contrib
RHEL 6
0:0.99.15-5.el6_0.2
fixed
quagga-devel
RHEL 6
0:0.99.15-5.el6_0.2
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html
http://secunia.com/advisories/43499
http://secunia.com/advisories/43770
http://secunia.com/advisories/48106
http://security.gentoo.org/glsa/glsa-201202-02.xml
http://www.debian.org/security/2011/dsa-2197
http://www.mandriva.com/security/advisories?name=MDVSA-2011:058
http://www.osvdb.org/71258
http://www.quagga.net/news2.php?y=2011&m=3&d=21#id1300723200
http://www.securityfocus.com/bid/46943
http://www.vupen.com/english/advisories/2011/0711
https://bugzilla.redhat.com/show_bug.cgi?id=654614
https://exchange.xforce.ibmcloud.com/vulnerabilities/66212
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html
http://secunia.com/advisories/43499
http://secunia.com/advisories/43770
http://secunia.com/advisories/48106
http://security.gentoo.org/glsa/glsa-201202-02.xml
http://www.debian.org/security/2011/dsa-2197
http://www.mandriva.com/security/advisories?name=MDVSA-2011:058
http://www.osvdb.org/71258
http://www.quagga.net/news2.php?y=2011&m=3&d=21#id1300723200
http://www.securityfocus.com/bid/46943
http://www.vupen.com/english/advisories/2011/0711
https://bugzilla.redhat.com/show_bug.cgi?id=654614
https://exchange.xforce.ibmcloud.com/vulnerabilities/66212