Vulnerability Details : CVE-2011-3325
ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via (1) a 0x0a type field in an IPv4 packet header or (2) a truncated IPv4 Hello packet.
Vulnerability category: Denial of service
Products affected by CVE-2011-3325
- cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.16:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.99.17:*:*:*:*:*:*:*
Threat overview for CVE-2011-3325
Top countries where our scanners detected CVE-2011-3325
Top open port discovered on systems with this issue
2601
IPs affected by CVE-2011-3325 2,633
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2011-3325!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2011-3325
8.63%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-3325
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2011-3325
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3325
-
http://code.quagga.net/?p=quagga.git;a=commit;h=61ab0301606053192f45c188bc48afc837518770
cgit errorPatch
-
https://www.cert.fi/en/reports/2011/vulnerability539178.html
Etusivu | Kyberturvallisuuskeskus
-
http://www.quagga.net/download/quagga-0.99.19.changelog.txt
-
http://rhn.redhat.com/errata/RHSA-2012-1259.html
RHSA-2012:1259 - Security Advisory - Red Hat Customer Portal
-
http://www.kb.cert.org/vuls/id/668534
VU#668534 - Multiple Quagga remote component vulnerabilitiesUS Government Resource
-
http://secunia.com/advisories/48106
Sign in
-
http://code.quagga.net/?p=quagga.git;a=commit;h=717750433839762d23a5f8d88fe0b4d57c8d490a
cgit errorPatch
-
http://security.gentoo.org/glsa/glsa-201202-02.xml
Quagga: Multiple vulnerabilities (GLSA 201202-02) — Gentoo security
-
http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html
[security-announce] SUSE-SU-2011:1171-1: important: Security update for
-
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html
[security-announce] SUSE-SU-2011:1316-1: important: Security update for
-
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html
[security-announce] SUSE-SU-2011:1075-1: important: Security update for
-
https://bugzilla.redhat.com/show_bug.cgi?id=738396
738396 – (CVE-2011-3325) CVE-2011-3325 Quagga (ospfd): Denial of service by decoding too short Hello packet or Hello packet with invalid OSPFv2 header typePatch
-
http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html
[security-announce] openSUSE-SU-2011:1155-1: important: quagga: fixing m
-
http://rhn.redhat.com/errata/RHSA-2012-1258.html
RHSA-2012:1258 - Security Advisory - Red Hat Customer Portal
-
http://www.debian.org/security/2011/dsa-2316
Debian -- Security Information -- DSA-2316-1 quagga
Jump to