CVE-2013-6051 - Vulnerability Details - OpenCVE

The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00425.

Key SSVC decision points have not yet been added.

Vendors	Products
Quagga	Quagga

Configuration 1 [-]

cpe:2.3:a:quagga:quagga:0.99.21:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
Debian DSA	DSA-2803-1	quagga security update
EUVD	EUVD-2013-5880	The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730513
http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=8794e8d229dc9fe29ea31424883433d4880ef408
http://www.debian.org/security/2013/dsa-2803
https://nvd.nist.gov/vuln/detail/CVE-2013-6051
https://www.cve.org/CVERecord?id=CVE-2013-6051

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-12-14T17:00:00

Updated: 2024-08-06T17:29:42.975Z

Reserved: 2013-10-08T00:00:00

Link: CVE-2013-6051

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-12-14T17:21:46.397

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-6051

Redhat

Severity : Moderate

Publid Date: 2013-11-25T00:00:00Z

Links: CVE-2013-6051 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-26T00:00:00", "descriptions": [{"lang": "en", "value": "The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-12-14T16:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-2803", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2803"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730513"}, {"tags": ["x_refsource_MISC"], "url": "http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=8794e8d229dc9fe29ea31424883433d4880ef408"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6051", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-2803", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2803"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730513", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730513"}, {"name": "http://git.savannah.gnu.org/gitweb/?p=quagga.git;a=commitdiff;h=8794e8d229dc9fe29ea31424883433d4880ef408", "refsource": "MISC", "url": "http://git.savannah.gnu.org/gitweb/?p=quagga.git;a=commitdiff;h=8794e8d229dc9fe29ea31424883433d4880ef408"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:29:42.975Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-2803", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2803"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730513"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=8794e8d229dc9fe29ea31424883433d4880ef408"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6051", "datePublished": "2013-12-14T17:00:00", "dateReserved": "2013-10-08T00:00:00", "dateUpdated": "2024-08-06T17:29:42.975Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:quagga:quagga:0.99.21:*:*:*:*:*:*:*", "matchCriteriaId": "4739E6D9-4F17-4CDA-8320-9832D65D94A3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update."}, {"lang": "es", "value": "La funci\u00f3n bgp_attr_unknown en bgp_attr.c en Quagga 0.99.21 no inicializa correctamente la variable total, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda bgpd) a trav\u00e9s de una actualizaci\u00f3n manipulada de BGP."}], "id": "CVE-2013-6051", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-12-14T17:21:46.397", "references": [{"source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730513"}, {"source": "cve@mitre.org", "url": "http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=8794e8d229dc9fe29ea31424883433d4880ef408"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2013/dsa-2803"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730513"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=8794e8d229dc9fe29ea31424883433d4880ef408"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2803"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}