CVE-2011-3326

The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via an invalid Link State Advertisement (LSA) type in an IPv4 Link State Update message.

Published: 2011-10-10 Last update: 2026-04-29 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2011-3326 is rated Moderate Risk (47.6/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 4.23%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2011-3326

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-12-01 7.57% 4.23% -3.34%
2 2025-03-30 9.06% 7.57% -1.49%
3 2025-03-29 9.06%

Full EPSS history (9 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2011-3326

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.0 2.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:P)
Partial availability impact.
 10.0 2.9 [email protected]

Weakness enumeration for CVE-2011-3326

OS Trackers for CVE-2011-3326

vendor priority summary link
gentoo high CVE-2011-3326: 1 GLSA(s) (201202-02), 1 atom(s) (net-misc/quagga); latest impact high. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2011-3326
redhat low https://access.redhat.com/security/cve/CVE-2011-3326
ubuntu medium CVE-2011-3326 medium priority: Ubuntu including 1 source packages (quagga), 6 status rows across 6 suites (hardy, lucid, maverick, natty, oneiric, upstream): released 5, ignored 1. https://ubuntu.com/security/CVE-2011-3326

Affected software / configurations for CVE-2011-3326

Vendor Product Version Raw CPE
quagga quagga <= 0.99.18 cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*
quagga quagga 0.95 cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*
quagga quagga 0.96 cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*
quagga quagga 0.96.1 cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*
quagga quagga 0.96.2 cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*
quagga quagga 0.96.3 cpe:2.3:a:quagga:quagga:0.96.3:*:*:*:*:*:*:*
quagga quagga 0.96.4 cpe:2.3:a:quagga:quagga:0.96.4:*:*:*:*:*:*:*
quagga quagga 0.96.5 cpe:2.3:a:quagga:quagga:0.96.5:*:*:*:*:*:*:*
quagga quagga 0.97.0 cpe:2.3:a:quagga:quagga:0.97.0:*:*:*:*:*:*:*
quagga quagga 0.97.1 cpe:2.3:a:quagga:quagga:0.97.1:*:*:*:*:*:*:*
quagga quagga 0.97.2 cpe:2.3:a:quagga:quagga:0.97.2:*:*:*:*:*:*:*
quagga quagga 0.97.3 cpe:2.3:a:quagga:quagga:0.97.3:*:*:*:*:*:*:*
quagga quagga 0.97.4 cpe:2.3:a:quagga:quagga:0.97.4:*:*:*:*:*:*:*
quagga quagga 0.97.5 cpe:2.3:a:quagga:quagga:0.97.5:*:*:*:*:*:*:*
quagga quagga 0.98.0 cpe:2.3:a:quagga:quagga:0.98.0:*:*:*:*:*:*:*
quagga quagga 0.98.1 cpe:2.3:a:quagga:quagga:0.98.1:*:*:*:*:*:*:*
quagga quagga 0.98.2 cpe:2.3:a:quagga:quagga:0.98.2:*:*:*:*:*:*:*
quagga quagga 0.98.3 cpe:2.3:a:quagga:quagga:0.98.3:*:*:*:*:*:*:*
quagga quagga 0.98.4 cpe:2.3:a:quagga:quagga:0.98.4:*:*:*:*:*:*:*
quagga quagga 0.98.5 cpe:2.3:a:quagga:quagga:0.98.5:*:*:*:*:*:*:*
quagga quagga 0.98.6 cpe:2.3:a:quagga:quagga:0.98.6:*:*:*:*:*:*:*
quagga quagga 0.99.1 cpe:2.3:a:quagga:quagga:0.99.1:*:*:*:*:*:*:*
quagga quagga 0.99.2 cpe:2.3:a:quagga:quagga:0.99.2:*:*:*:*:*:*:*
quagga quagga 0.99.3 cpe:2.3:a:quagga:quagga:0.99.3:*:*:*:*:*:*:*
quagga quagga 0.99.4 cpe:2.3:a:quagga:quagga:0.99.4:*:*:*:*:*:*:*
quagga quagga 0.99.5 cpe:2.3:a:quagga:quagga:0.99.5:*:*:*:*:*:*:*
quagga quagga 0.99.6 cpe:2.3:a:quagga:quagga:0.99.6:*:*:*:*:*:*:*
quagga quagga 0.99.7 cpe:2.3:a:quagga:quagga:0.99.7:*:*:*:*:*:*:*
quagga quagga 0.99.8 cpe:2.3:a:quagga:quagga:0.99.8:*:*:*:*:*:*:*
quagga quagga 0.99.9 cpe:2.3:a:quagga:quagga:0.99.9:*:*:*:*:*:*:*
quagga quagga 0.99.10 cpe:2.3:a:quagga:quagga:0.99.10:*:*:*:*:*:*:*
quagga quagga 0.99.11 cpe:2.3:a:quagga:quagga:0.99.11:*:*:*:*:*:*:*
quagga quagga 0.99.12 cpe:2.3:a:quagga:quagga:0.99.12:*:*:*:*:*:*:*
quagga quagga 0.99.13 cpe:2.3:a:quagga:quagga:0.99.13:*:*:*:*:*:*:*
quagga quagga 0.99.14 cpe:2.3:a:quagga:quagga:0.99.14:*:*:*:*:*:*:*
quagga quagga 0.99.15 cpe:2.3:a:quagga:quagga:0.99.15:*:*:*:*:*:*:*
quagga quagga 0.99.16 cpe:2.3:a:quagga:quagga:0.99.16:*:*:*:*:*:*:*
quagga quagga 0.99.17 cpe:2.3:a:quagga:quagga:0.99.17:*:*:*:*:*:*:*

References for CVE-2011-3326

URL Tags
http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=6b161fc12a15aba8824c84d1eb38e529aaf70769
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html
http://rhn.redhat.com/errata/RHSA-2012-1258.html
http://rhn.redhat.com/errata/RHSA-2012-1259.html
http://secunia.com/advisories/46139 Vendor Advisory
http://secunia.com/advisories/46274
http://secunia.com/advisories/48106
http://security.gentoo.org/glsa/glsa-201202-02.xml
http://www.debian.org/security/2011/dsa-2316
http://www.kb.cert.org/vuls/id/668534 US Government Resource
http://www.quagga.net/download/quagga-0.99.19.changelog.txt
https://www.cert.fi/en/reports/2011/vulnerability539178.html
cvelogic Threat Intelligence