CVE-2013-2236
REJECTED
Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA.
Risk Scores
EPSS Score: 0.96% (76.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | quagga | 0, 0.99.22.1-2 |
Exploit Intelligence
- RHSA-2017:0794 (circl)
- 60955 (circl)
- http://nongnu.mirrors.hostinginnederland.nl//quagga/quagga-0.99.22.3.changelog.txt (circl)
- http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=3f872fe60463a931c5c766dbf8c36870c0023e88 (circl)
- [quagga-dev] 20130702 [quagga-dev 10568] ospfd, new_msg_lsa_change_notify: looks like a buffer overflow (circl)
- DSA-2803 (circl)
- [oss-security] 20130703 Re: CVE request: Quagga OSPF-API stack overrun (circl)
- USN-2941-1 (circl)
Timeline
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- Jun 5, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2013-2236 third-party-advisory
- http://lists.quagga.net/pipermail/quagga-dev/2013-July/010621.html third-party-advisory
- https://ubuntu.com/security/notices/USN-2941-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2013-2236 third-party-advisory