{"id":"CVE-2019-16159","details":"BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed.","modified":"2026-03-11T07:50:58.493612346Z","published":"2019-09-09T15:15:12.623Z","related":["openSUSE-SU-2019:2178-1","openSUSE-SU-2019:2180-1","openSUSE-SU-2024:10652-1","openSUSE-SU-2025:15072-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F23NNAPXX65MGJQBPPTVGRV3T4XCKBV/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MCVNQJBZYGGNAJNGOFEBE3IAJME2QIZB/"},{"type":"ADVISORY","url":"http://bird.network.cz"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00063.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00065.html"},{"type":"ADVISORY","url":"http://trubka.network.cz/pipermail/bird-users/2019-September/013718.html"},{"type":"ADVISORY","url":"http://trubka.network.cz/pipermail/bird-users/2019-September/013720.html"},{"type":"ADVISORY","url":"http://trubka.network.cz/pipermail/bird-users/2019-September/013722.html"},{"type":"ADVISORY","url":"https://gitlab.labs.nic.cz/labs/bird/commit/1657c41c96b3c07d9265b07dd4912033ead4124b"},{"type":"ADVISORY","url":"https://gitlab.labs.nic.cz/labs/bird/commit/8388f5a7e14108a1458fea35bfbb5a453e2c563c"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2019/Sep/34"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4528"},{"type":"FIX","url":"https://gitlab.labs.nic.cz/labs/bird/commit/1657c41c96b3c07d9265b07dd4912033ead4124b"},{"type":"FIX","url":"https://gitlab.labs.nic.cz/labs/bird/commit/8388f5a7e14108a1458fea35bfbb5a453e2c563c"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00063.html"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00065.html"},{"type":"ARTICLE","url":"https://seclists.org/bugtraq/2019/Sep/34"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.nic.cz/labs/bird","events":[{"introduced":"0"},{"fixed":"1657c41c96b3c07d9265b07dd4912033ead4124b"},{"introduced":"0"},{"fixed":"8388f5a7e14108a1458fea35bfbb5a453e2c563c"}]}],"versions":["v1.2.0","v1.2.1","v1.2.2","v1.2.3","v1.3.0","v1.3.1","v1.3.10","v1.3.11","v1.3.2","v1.3.3","v1.3.4","v1.3.5","v1.3.6","v1.3.7","v1.3.8","v1.3.9","v1.4.0","v1.4.1","v1.4.2","v1.4.3","v1.4.4","v1.4.5","v1.5.0","v1.6.0","v1.6.1","v1.6.2","v1.6.3","v1.6.4","v1.6.5","v1.6.6","v1.6.7","v2.0.0","v2.0.0-pre0","v2.0.0-pre1","v2.0.1","v2.0.2","v2.0.3","v2.0.4","v2.0.5"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","source":"https://gitlab.nic.cz/labs/bird@8388f5a7e14108a1458fea35bfbb5a453e2c563c","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["216893417837476986888965276365877246422","223445219091451626815491961387763006748","321385252695183225000492290604323630133","240393356610038048681844503473819906720","4383943790272205345412568721163061337","276441775111768339359338816026274139390","84258977817401017440276937716070434403","295253454909988706774094035716076630568"]},"target":{"file":"proto/bgp/packets.c"},"id":"CVE-2019-16159-19bde9a3","deprecated":false},{"signature_version":"v1","source":"https://gitlab.nic.cz/labs/bird@8388f5a7e14108a1458fea35bfbb5a453e2c563c","target":{"file":"proto/bgp/packets.c","function":"bgp_handle_message"},"digest":{"length":448,"function_hash":"130779972019287339614087948162341524144"},"signature_type":"Function","id":"CVE-2019-16159-62d9e0ec","deprecated":false},{"signature_version":"v1","source":"https://gitlab.nic.cz/labs/bird@1657c41c96b3c07d9265b07dd4912033ead4124b","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["216893417837476986888965276365877246422","223445219091451626815491961387763006748","321385252695183225000492290604323630133","240393356610038048681844503473819906720","255920384722461930579550090089086617062","38099894567800398323843450381818194066","84125401342413400062944322038071946879","70697898021381015989562920937856652083"]},"target":{"file":"proto/bgp/packets.c"},"id":"CVE-2019-16159-c1c649bd","deprecated":false},{"signature_version":"v1","source":"https://gitlab.nic.cz/labs/bird@1657c41c96b3c07d9265b07dd4912033ead4124b","signature_type":"Function","digest":{"length":448,"function_hash":"130779972019287339614087948162341524144"},"target":{"file":"proto/bgp/packets.c","function":"bgp_handle_message"},"id":"CVE-2019-16159-ffdc3bfd","deprecated":false}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16159.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}