CVE-2018-12066 Information

Description

BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack consumption and daemon crash) via BGP mask expressions in birdc.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

http://bird.network.cz https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900967 https://gitlab.labs.nic.cz/labs/bird/blob/v1.6.4/NEWSL11 https://gitlab.labs.nic.cz/labs/bird/commit/e8bc64e308586b6502090da2775af84cd760ed0d

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.5