Impact
BIRD Internet Routing Daemon, version 2.19.0 and earlier, contains a stack‑based buffer overflow in the AS_PATH mask matching code. When RFC 8654 BGP Extended Messages are enabled, a BGP UPDATE carrying an AS_PATH longer than 2048 ASNs can be parsed without enforcing a capacity limit, causing as_path_match() to overwrite memory on the stack. The overflow leads to an immediate crash of the daemon, causing loss of routing functionality at that node. This vulnerability is a classic stack‑based buffer overflow problem classified as CWEs‑120 and ‑121, and does not provide direct code execution but does deny service to the affected router.
Affected Systems
All installations of the BIRD Internet Routing Daemon, up to and including version 2.19.0, that enable RFC 8654 extended messages are vulnerable. The product is maintained at https://gitlab.nic.cz/labs/bird, and no official fix is currently in a released version. Network operators using BIRD with extended messages or with permissive route advertisement policies are impacted.
Risk and Exploitability
The CVSS score of 6.3 indicates moderate severity. The EPSS score is below 1%, indicating a low probability of public exploitation, and the vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed public exploits. However, the attack vector is straightforward: an adversary or compromised BGP peer that sends a long AS_PATH trigger the overflow. Operators must consider disallowing extended messages or filtering excessively long AS_PATHs to reduce the risk.
OpenCVE Enrichment