CVE-2012-0249

low

Published 2012-04-05 · Modified 2026-04-29

CVSS v3

—

CVSS v2

3.3

VIR risk

3.3

Description

Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cret@cert.org — https://bugzilla.quagga.net/show_bug.cgi?id=705

vendor Authored 2026-05-27

Vendor advisory: cret@cert.org — http://www.kb.cert.org/vuls/id/551715

Application impact

Vendor	Product	Versions
quagga	quagga	`{"endIncluding":"0.99.20"}`
quagga	quagga	`0.95`
quagga	quagga	`0.96`
quagga	quagga	`0.96.1`
quagga	quagga	`0.96.2`
quagga	quagga	`0.96.3`
quagga	quagga	`0.96.4`
quagga	quagga	`0.96.5`
quagga	quagga	`0.97.0`
quagga	quagga	`0.97.1`
quagga	quagga	`0.97.2`
quagga	quagga	`0.97.3`
quagga	quagga	`0.97.4`
quagga	quagga	`0.97.5`
quagga	quagga	`0.98.0`
quagga	quagga	`0.98.1`
quagga	quagga	`0.98.2`
quagga	quagga	`0.98.3`
quagga	quagga	`0.98.4`
quagga	quagga	`0.98.5`
quagga	quagga	`0.98.6`
quagga	quagga	`0.99.1`
quagga	quagga	`0.99.2`
quagga	quagga	`0.99.3`
quagga	quagga	`0.99.4`
quagga	quagga	`0.99.5`
quagga	quagga	`0.99.6`
quagga	quagga	`0.99.7`
quagga	quagga	`0.99.8`
quagga	quagga	`0.99.9`
quagga	quagga	`0.99.10`
quagga	quagga	`0.99.11`
quagga	quagga	`0.99.12`
quagga	quagga	`0.99.13`
quagga	quagga	`0.99.14`
quagga	quagga	`0.99.15`
quagga	quagga	`0.99.16`
quagga	quagga	`0.99.17`
quagga	quagga	`0.99.18`
quagga	quagga	`0.99.19`

References

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.