CVE-2009-1572

Description

The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.

How to fix CVE-2009-1572

To remediate CVE-2009-1572, upgrade the affected package to a fixed version below.

• Debian/quagga—upgrade to 0.99.11-2 or later
• Debian/quagga—upgrade to 0.99.10-1lenny2 or later

Is CVE-2009-1572 being exploited?

Moderate — EPSS is 11.2%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

• from 0, < 0.99.11-2
• from 0, < 0.99.10-1lenny2

References (19)

• ADVISORYsecunia.com/advisories/34999
• ADVISORYsecunia.com/advisories/35061
• ADVISORYsecunia.com/advisories/35203
• ADVISORYsecunia.com/advisories/35685
• ADVISORYwww.mandriva.com/security/advisories?name=MDVSA-2009:109