CVE-2009-1154

Cisco IOS XR < 3.8.1 - Denial of Service via Long BGP UPDATE Message

Title source: llm
STIX 2.1

Description

Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1022756
Patch, Vendor Advisory vendor-advisory x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml

Scores

EPSS 0.0134
EPSS Percentile 67.9%

Details

CWE
CWE-119
Status published
Products (19)
cisco/ios_xr 3.4
cisco/ios_xr 3.4.0
cisco/ios_xr 3.4.1
cisco/ios_xr 3.4.2
cisco/ios_xr 3.4.3
cisco/ios_xr 3.5
cisco/ios_xr 3.5.2
cisco/ios_xr 3.5.3
cisco/ios_xr 3.5.4
cisco/ios_xr 3.6.0
... and 9 more
Published Aug 21, 2009
Tracked Since Feb 18, 2026