{ "threat_severity" : "Moderate", "public_date" : "2010-08-19T00:00:00Z", "bugzilla" : { "description" : "(bgpd): Stack buffer overflow by processing certain Route-Refresh messages", "id" : "626783", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=626783" }, "cvss" : { "cvss_base_score" : "5.4", "cvss_scoring_vector" : "AV:A/AC:M/Au:N/C:P/I:P/A:P", "status" : "verified" }, "cwe" : "CWE-121", "details" : [ "Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message." ], "statement" : "This issue is not planned to be fixed in Red Hat Enterprise Linux 3\ndue to this product being in Production 3 of its maintenance\nlife-cycle, where only qualified security errata of important and\ncritical impact are addressed.\nFor further information about the Errata Support Policy, visit:\nhttp://www.redhat.com/security/updates/errata\nA future update in Red Hat Enterprise Linux 4 and\nRed Hat Enterprise Linux 5 may address this flaw.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 4", "release_date" : "2010-10-20T00:00:00Z", "advisory" : "RHSA-2010:0785", "cpe" : "cpe:/o:redhat:enterprise_linux:4", "package" : "quagga-0:0.98.3-4.el4_8.1" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2010-10-20T00:00:00Z", "advisory" : "RHSA-2010:0785", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "quagga-0:0.98.6-5.el5_5.2" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2010-12-06T00:00:00Z", "advisory" : "RHSA-2010:0945", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "quagga-0:0.99.15-5.el6_0.1" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2010-2948\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-2948" ], "name" : "CVE-2010-2948", "csaw" : false }