CVE-2007-1995
CVE-2007-1995 is a medium-severity vulnerability in Quagga with a CVSS 2.0 base score of 6.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-20.
Key facts
- Severity: Medium (CVSS 2.0 base score 6.3)
- EPSS exploit prediction: 2% (75th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-20
- Affected product: Quagga
- Published:
- Last modified:
Description
bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.
Frequently asked questions
- What is CVE-2007-1995?
- bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.
- How severe is CVE-2007-1995?
- CVE-2007-1995 has a CVSS 2.0 base score of 6.3, rated medium severity.
- Is CVE-2007-1995 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (75th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2007-1995?
- CVE-2007-1995 primarily affects Quagga. In total, 20 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2007-1995?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2007-1995 published?
- CVE-2007-1995 was published on 2007-04-12 and last updated on 2026-06-16.
References
- http://bugzilla.quagga.net/show_bug.cgi?id=354
- http://bugzilla.quagga.net/show_bug.cgi?id=355
- http://secunia.com/advisories/24808
- http://secunia.com/advisories/25084
- http://secunia.com/advisories/25119
- http://secunia.com/advisories/25255
- http://secunia.com/advisories/25293
- http://secunia.com/advisories/25312
- http://secunia.com/advisories/25428
- http://secunia.com/advisories/29743
- http://security.gentoo.org/glsa/glsa-200705-05.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-236141-1
- http://www.debian.org/security/2007/dsa-1293
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:096
- http://www.novell.com/linux/security/advisories/2007_9_sr.html
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.015.html
- http://www.quagga.net/news2.php?y=2007&m=4&d=8#id1176073740
- http://www.redhat.com/support/errata/RHSA-2007-0389.html
- http://www.securityfocus.com/bid/23417
- http://www.securitytracker.com/id?1018142
- http://www.trustix.org/errata/2007/0017/
- http://www.ubuntu.com/usn/usn-461-1
- http://www.vupen.com/english/advisories/2007/1336
- http://www.vupen.com/english/advisories/2008/1195/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33547
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11048
Affected products (20)
- cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*
More vulnerabilities in Quagga
- CVE-2016-1245 — Critical (CVSS 9.8): It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when…
- CVE-2017-3224 — High (CVSS 8.2): Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA)…
- CVE-2016-2342 — High (CVSS 8.1): The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when…
- CVE-2021-44038 — High (CVSS 7.8): An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users…
- CVE-2018-5379 — High (CVSS 7.5): The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE…
- CVE-2017-16227 — High (CVSS 7.5): The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of…
Other CWE-20 (Improper Input Validation) vulnerabilities
- CVE-2026-48316 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48281 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48277 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48055 — Critical (CVSS 10.0): Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and…
- CVE-2026-34910 — Critical (CVSS 10.0): A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS…
- CVE-2026-33587 — Critical (CVSS 10.0): Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and…
Browse all CWE-20 (Improper Input Validation) vulnerabilities →