CVE-2007-4826 Affecting quagga-devel package, versions <0:0.98.6-5.el5_5.2


Severity

Recommended
medium

Based on Oracle Linux security rating.

Threat Intelligence

EPSS
1.63% (88th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-ORACLE5-QUAGGADEVEL-2453163
  • published10 Apr 2022
  • disclosed12 Sept 2007

Introduced: 12 Sep 2007

CVE-2007-4826  (opens in a new tab)

How to fix?

Upgrade Oracle:5 quagga-devel to version 0:0.98.6-5.el5_5.2 or higher.
This issue was patched in ELSA-2010-0785.

NVD Description

Note: Versions mentioned in the description apply only to the upstream quagga-devel package and not the quagga-devel package as distributed by Oracle. See How to fix? for Oracle:5 relevant fixed versions and status.

bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled.

CVSS Scores

version 3.1