Your submission was sent successfully! Close

CVE-2012-0255

Published: 5 April 2012

The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability).

Priority

Medium

Status

Package Release Status
quagga
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid
Released (0.99.20.1-0ubuntu0.10.04.2)
maverick Ignored
(reached end-of-life)
natty
Released (0.99.20.1-0ubuntu0.11.04.2)
oneiric
Released (0.99.20.1-0ubuntu0.11.10.2)
precise
Released (0.99.20.1-0ubuntu0.12.04.2)
upstream
Released (0.99.20.1-1)