CVE-2009-1154
Cisco IOS XR < 3.8.1 - Denial of Service via Long BGP UPDATE Message
Title source: llmDescription
Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1022756
Patch, Vendor Advisory vendor-advisory
x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml
Scores
EPSS
0.0134
EPSS Percentile
67.9%
Details
CWE
CWE-119
Status
published
Products (19)
cisco/ios_xr
3.4
cisco/ios_xr
3.4.0
cisco/ios_xr
3.4.1
cisco/ios_xr
3.4.2
cisco/ios_xr
3.4.3
cisco/ios_xr
3.5
cisco/ios_xr
3.5.2
cisco/ios_xr
3.5.3
cisco/ios_xr
3.5.4
cisco/ios_xr
3.6.0
... and 9 more
Published
Aug 21, 2009
Tracked Since
Feb 18, 2026