CVE-2007-4826

Description

bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled.

How to fix CVE-2007-4826

To remediate CVE-2007-4826, upgrade the affected package to a fixed version below.

• Debian/quagga—upgrade to 0.99.9-1 or later
• Debian/quagga—upgrade to 0.99.5-5etch3 or later

Is CVE-2007-4826 being exploited?

Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 0.99.9-1
• from 0, < 0.99.5-5etch3

References (19)

• ADVISORYsecunia.com/advisories/26829
• ADVISORYsecunia.com/advisories/26863
• ADVISORYsecunia.com/advisories/27049
• ADVISORYsecunia.com/advisories/29743
• ADVISORYwww.debian.org/security/2007/dsa-1382