Source: bird
Version: 1.6.7-1
Severity: grave
Tags: security upstream
Control: found -1 1.6.6-1


The following vulnerability was published for bird.

| BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5
| has a stack-based buffer overflow. The BGP daemon's support for RFC
| 8203 administrative shutdown communication messages included an
| incorrect logical expression when checking the validity of an input
| message. Sending a shutdown communication with a sufficient message
| length causes a four-byte overflow to occur while processing the
| message, where two of the overflow bytes are attacker-controlled and
| two are fixed.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:


Please adjust the affected versions in the BTS as needed.


Reply via email to