CVE-2019-16159

HIGH

BIRD Internet Routing Daemon <2.0.5 - Buffer Overflow


Description

BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed.
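As an added illustration (not BIRD's own code), the following C snippet shows the kind of length check the description refers to: an RFC 8203 shutdown-communication validator whose two conditions are joined by the wrong operator, next to the corrected form. The buffer sizes, function names and the exact shape of the weak expression are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 8203: the NOTIFICATION data is one length octet followed by at
 * most 128 octets of UTF-8 text. Constructed illustration, not BIRD code. */
#define SHUTDOWN_MSG_MAX 128
#define MSG_BUF_SIZE (SHUTDOWN_MSG_MAX + 1)   /* message + terminator */

/* Weak check (assumed shape of the flaw): rejection needs BOTH conditions,
 * so a declared length above 128 that still fits the received data passes
 * and is later copied beyond the 129-byte receive buffer. */
bool shutdown_msg_len_ok_weak(size_t msg_len, size_t data_len)
{
    if (msg_len > SHUTDOWN_MSG_MAX && msg_len + 1 > data_len)
        return false;
    return true;
}

/* Correct check: reject when the declared length exceeds the RFC limit OR
 * would read past the data actually received. */
bool shutdown_msg_len_ok(size_t msg_len, size_t data_len)
{
    if (msg_len > SHUTDOWN_MSG_MAX || msg_len + 1 > data_len)
        return false;
    return true;
}

/* Parse the data field with the correct check; copies the text into out
 * and returns its length, or -1 when the message is rejected. */
int parse_shutdown_msg(const uint8_t *data, size_t data_len, char out[MSG_BUF_SIZE])
{
    if (data_len < 1)
        return -1;
    size_t msg_len = data[0];
    if (!shutdown_msg_len_ok(msg_len, data_len))
        return -1;
    memcpy(out, data + 1, msg_len);
    out[msg_len] = '\0';
    return (int)msg_len;
}

int main(void)
{
    /* Constructed input: declared length 129, 130 bytes of data in total. */
    printf("weak check accepts 129-byte message: %d\n", shutdown_msg_len_ok_weak(129, 130));
    printf("fixed check accepts 129-byte message: %d\n", shutdown_msg_len_ok(129, 130));
    return 0;
}
```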

References (12)

Vendor Advisory: http://bird.network.cz
Mailing List, Third Party Advisory (bugtraq): https://seclists.org/bugtraq/2019/Sep/34
Third Party Advisory (Debian): https://www.debian.org/security/2019/dsa-4528
Mailing List, Third Party Advisory (SUSE): http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00063.html
Mailing List, Third Party Advisory (SUSE): http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00065.html

Scores

CVSS v3 7.5
EPSS 0.0591
EPSS Percentile 90.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-787
Status published
Products (5)
debian/debian_linux 10.0
fedoraproject/fedora 29
fedoraproject/fedora 30
nic/bird 1.6.0 - 1.6.7
opensuse/backports_sle 15.0 sp1
Published Sep 09, 2019
Tracked Since Feb 18, 2026