bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-12T10:00:00

Updated: 2024-08-07T13:13:42.070Z

Reserved: 2007-04-11T00:00:00

Link: CVE-2007-1995

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2007-04-12T10:19:00.000

Modified: 2024-11-21T00:29:38.683

Link: CVE-2007-1995

cve-icon Redhat

Severity : Moderate

Publid Date: 2007-04-08T00:00:00Z

Links: CVE-2007-1995 - Bugzilla