Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field.
2012-04-05T13:25:30.583
2025-04-11T00:51:21.963
Deferred
CVSSv2: 3.3 (LOW)
AV:A/AC:L/Au:N/C:N/I:N/A:P
6.5
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | quagga | quagga | ≤ 0.99.20 | Yes |
| Application | quagga | quagga | 0.99.1 | Yes |
| Application | quagga | quagga | 0.99.2 | Yes |
| Application | quagga | quagga | 0.99.3 | Yes |
| Application | quagga | quagga | 0.99.4 | Yes |
| Application | quagga | quagga | 0.99.5 | Yes |
| Application | quagga | quagga | 0.99.6 | Yes |
| Application | quagga | quagga | 0.99.7 | Yes |
| Application | quagga | quagga | 0.99.8 | Yes |
| Application | quagga | quagga | 0.99.9 | Yes |
| Application | quagga | quagga | 0.99.10 | Yes |
| Application | quagga | quagga | 0.99.11 | Yes |
| Application | quagga | quagga | 0.99.12 | Yes |
| Application | quagga | quagga | 0.99.13 | Yes |
| Application | quagga | quagga | 0.99.14 | Yes |
| Application | quagga | quagga | 0.99.15 | Yes |
| Application | quagga | quagga | 0.99.16 | Yes |
| Application | quagga | quagga | 0.99.17 | Yes |
| Application | quagga | quagga | 0.99.18 | Yes |
| Application | quagga | quagga | 0.99.19 | Yes |