{"id":"UBUNTU-CVE-2019-16159","details":"BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed.","modified":"2025-07-16T08:23:50.131293Z","published":"2019-09-09T15:15:00Z","withdrawn":"2025-07-18T16:45:20Z","upstream":["CVE-2019-16159"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-16159"},{"type":"REPORT","url":"https://gitlab.labs.nic.cz/labs/bird/commit/1657c41c96b3c07d9265b07dd4912033ead4124b"},{"type":"REPORT","url":"https://gitlab.labs.nic.cz/labs/bird/commit/8388f5a7e14108a1458fea35bfbb5a453e2c563c"},{"type":"REPORT","url":"http://bird.network.cz"},{"type":"REPORT","url":"http://trubka.network.cz/pipermail/bird-users/2019-September/013718.html"},{"type":"REPORT","url":"http://trubka.network.cz/pipermail/bird-users/2019-September/013720.html"},{"type":"REPORT","url":"http://trubka.network.cz/pipermail/bird-users/2019-September/013722.html"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2019-16159"}],"affected":[{"package":{"name":"bird","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/bird@1.6.8-1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.8-1"}]}],"versions":["1.6.7-1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"bird","binary_version":"1.6.8-1"},{"binary_name":"bird-bgp","binary_version":"1.6.8-1"},{"binary_name":"bird-dbgsym","binary_version":"1.6.8-1"},{"binary_name":"bird-doc","binary_version":"1.6.8-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-16159.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}