Executive Summary

Information
Name: CVE-2013-2236
First vendor Publication: 2013-10-23
Vendor: Cve
Last vendor Modification: 2023-11-07

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:H/Au:N/C:N/I:N/A:P)
Cvss Base Score: 2.6
Cvss Impact Score: 2.9
Cvss Exploit Score: 4.9
Attack Range: Network
Attack Complexity: High
Authentication: None Required

Detail

Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2236

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:25784
 
Oval ID: oval:org.mitre.oval:def:25784
Title: SUSE-SU-2013:1470-1 -- Security update for quagga
Description: This update of quagga fixes two security issues: * CVE-2013-0149: specially-crafted OSPF packets could have caused the routing table to be erased (bnc#822572) * CVE-2013-2236: local network stack overflow (bnc#828117)
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1470-1
CVE-2013-0149
CVE-2013-2236
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): quagga
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 43

Nessus® Vulnerability Scanner

Date Description
2017-04-06 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20170321_quagga_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2017-03-30 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2017-0794.nasl - Type : ACT_GATHER_INFO
2017-03-27 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2017-0794.nasl - Type : ACT_GATHER_INFO
2017-03-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2017-0794.nasl - Type : ACT_GATHER_INFO
2016-03-25 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2941-1.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_quagga_20140721.nasl - Type : ACT_GATHER_INFO
2013-11-27 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2803.nasl - Type : ACT_GATHER_INFO
2013-11-05 Name : The remote service may be affected by a buffer overflow vulnerability.
File : quagga_0_99_22_2.nasl - Type : ACT_GATHER_INFO
2013-10-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-254.nasl - Type : ACT_GATHER_INFO
2013-10-11 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201310-08.nasl - Type : ACT_GATHER_INFO
2013-09-20 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_quagga-130822.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=3f872fe60...
Source Url
BID http://www.securityfocus.com/bid/60955
CONFIRM http://nongnu.mirrors.hostinginnederland.nl//quagga/quagga-0.99.22.3.changelo...
DEBIAN http://www.debian.org/security/2013/dsa-2803
MLIST http://lists.quagga.net/pipermail/quagga-dev/2013-July/010622.html
http://seclists.org/oss-sec/2013/q3/24
REDHAT http://rhn.redhat.com/errata/RHSA-2017-0794.html
UBUNTU http://www.ubuntu.com/usn/USN-2941-1

Alert History

Date Information
2023-11-07 21:45:51
  • Multiple Updates
2021-05-05 01:12:35
  • Multiple Updates
2021-05-04 12:25:00
  • Multiple Updates
2021-04-22 01:29:57
  • Multiple Updates
2020-05-24 01:11:09
  • Multiple Updates
2020-05-23 00:36:56
  • Multiple Updates
2018-01-05 09:23:16
  • Multiple Updates
2017-04-07 13:23:00
  • Multiple Updates
2017-03-31 13:22:46
  • Multiple Updates
2017-03-28 13:25:26
  • Multiple Updates
2017-03-23 13:24:14
  • Multiple Updates
2016-12-31 09:24:17
  • Multiple Updates
2016-12-03 09:23:54
  • Multiple Updates
2016-06-28 19:28:49
  • Multiple Updates
2016-04-26 23:06:11
  • Multiple Updates
2016-03-26 13:26:28
  • Multiple Updates
2015-01-21 13:26:15
  • Multiple Updates
2014-02-17 11:19:15
  • Multiple Updates
2013-12-20 13:19:18
  • Multiple Updates
2013-10-24 17:21:41
  • Multiple Updates
2013-10-24 13:22:10
  • First insertion