What is the severity of CVE-2011-3327?

CVE-2011-3327 has a low severity rating due to the nature of its exploit, which primarily causes denial of service.

How do I fix CVE-2011-3327?

To fix CVE-2011-3327, upgrade Quagga to version 0.99.19 or later.

What versions of Quagga are affected by CVE-2011-3327?

CVE-2011-3327 affects all Quagga versions prior to 0.99.19, including 0.95, 0.96.x, 0.97.x, 0.98.x, and 0.99.x up to 0.99.18.

Can CVE-2011-3327 lead to remote code execution?

No, CVE-2011-3327 is a heap-based buffer overflow vulnerability that primarily leads to a crash, rather than remote code execution.

Is there a workaround for CVE-2011-3327 if I cannot upgrade?

There are no effective workarounds for CVE-2011-3327, hence updating to a patched version is strongly recommended.

Vulnerability/
CVE-2011-3327

high

7.5

CWE

119

14/9/2011

10/10/2011

6/8/2024

CVE-2011-3327: Buffer Overflow

First published: Wed Sep 14 2011(Updated: )

A heap-based buffer overflow flaw was found in the way bgpd daemon of the Quagga routing suite processed BGP UPDATE messages containing unknown AS_PATH in Extended Communities Path Attribute. A configured BGP peer could use this flaw to cause the master BGP daemon (bgpd) to crash, or, potentially execute arbitrary code with the privileges of the user running bgpd.

Credit: cret@cert.org

Affected Software	Affected Version	How to fix
redhat/quagga	<0.99.19	0.99.19
Quagga Routing Software Suite	=0.99.11
Quagga Routing Software Suite	=0.99.2
Quagga Routing Software Suite	=0.97.5
Quagga Routing Software Suite	=0.95
Quagga Routing Software Suite	=0.98.3
Quagga Routing Software Suite	=0.96.3
Quagga Routing Software Suite	=0.99.4
Quagga Routing Software Suite	=0.99.7
Quagga Routing Software Suite	=0.99.14
Quagga Routing Software Suite	=0.99.5
Quagga Routing Software Suite	=0.96.5
Quagga Routing Software Suite	=0.98.0
Quagga Routing Software Suite	=0.99.16
Quagga Routing Software Suite	=0.96.1
Quagga Routing Software Suite	=0.98.1
Quagga Routing Software Suite	=0.96.4
Quagga Routing Software Suite	=0.98.5
Quagga Routing Software Suite	=0.97.3
Quagga Routing Software Suite	=0.99.17
Quagga Routing Software Suite	=0.99.3
Quagga Routing Software Suite	=0.99.13
Quagga Routing Software Suite	=0.99.6
Quagga Routing Software Suite	=0.98.6
Quagga Routing Software Suite	=0.97.4
Quagga Routing Software Suite	=0.98.4
Quagga Routing Software Suite	=0.99.12
Quagga Routing Software Suite	=0.98.2
Quagga Routing Software Suite	=0.97.1
Quagga Routing Software Suite	=0.97.0
Quagga Routing Software Suite	=0.96.2
Quagga Routing Software Suite	=0.99.9
Quagga Routing Software Suite	=0.99.1
Quagga Routing Software Suite	<=0.99.18
Quagga Routing Software Suite	=0.97.2
Quagga Routing Software Suite	=0.99.15
Quagga Routing Software Suite	=0.99.10
Quagga Routing Software Suite	=0.99.8
Quagga Routing Software Suite	=0.96

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-3327?
CVE-2011-3327 has a low severity rating due to the nature of its exploit, which primarily causes denial of service.
How do I fix CVE-2011-3327?
To fix CVE-2011-3327, upgrade Quagga to version 0.99.19 or later.
What versions of Quagga are affected by CVE-2011-3327?
CVE-2011-3327 affects all Quagga versions prior to 0.99.19, including 0.95, 0.96.x, 0.97.x, 0.98.x, and 0.99.x up to 0.99.18.
Can CVE-2011-3327 lead to remote code execution?
No, CVE-2011-3327 is a heap-based buffer overflow vulnerability that primarily leads to a crash, rather than remote code execution.
Is there a workaround for CVE-2011-3327 if I cannot upgrade?
There are no effective workarounds for CVE-2011-3327, hence updating to a patched version is strongly recommended.

agent/softwarecombine
agent/first-publish-date
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/references
agent/last-modified-date
agent/author
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2011-3327
agent/software-canonical-lookup
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/redhat
vendor/quagga
canonical/quagga routing software suite
version/quagga routing software suite/0.99.11
version/quagga routing software suite/0.99.2
version/quagga routing software suite/0.97.5
version/quagga routing software suite/0.95
version/quagga routing software suite/0.98.3
version/quagga routing software suite/0.96.3
version/quagga routing software suite/0.99.4
version/quagga routing software suite/0.99.7
version/quagga routing software suite/0.99.14
version/quagga routing software suite/0.99.5
version/quagga routing software suite/0.96.5
version/quagga routing software suite/0.98.0
version/quagga routing software suite/0.99.16
version/quagga routing software suite/0.96.1
version/quagga routing software suite/0.98.1
version/quagga routing software suite/0.96.4
version/quagga routing software suite/0.98.5
version/quagga routing software suite/0.97.3
version/quagga routing software suite/0.99.17
version/quagga routing software suite/0.99.3
version/quagga routing software suite/0.99.13
version/quagga routing software suite/0.99.6
version/quagga routing software suite/0.98.6
version/quagga routing software suite/0.97.4
version/quagga routing software suite/0.98.4
version/quagga routing software suite/0.99.12
version/quagga routing software suite/0.98.2
version/quagga routing software suite/0.97.1
version/quagga routing software suite/0.97.0
version/quagga routing software suite/0.96.2
version/quagga routing software suite/0.99.9
version/quagga routing software suite/0.99.1
version/quagga routing software suite/0.99.18
version/quagga routing software suite/0.97.2
version/quagga routing software suite/0.99.15
version/quagga routing software suite/0.99.10
version/quagga routing software suite/0.99.8
version/quagga routing software suite/0.96