Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbitrary flags (e.g., -w, -q) via the q parameter. This can be exploited to cause a Denial of Service (DoS) by exhausting system resources.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Bird-lg-go 安全漏洞
Vulnerability Description
Bird-lg-go是Yuhui Xu个人开发者的一个BGP路由查询工具。 bird-lg-go 6187a4e之前版本存在安全漏洞,该漏洞源于traceroute模块使用shlex.Split解析用户输入时未经验证,可能导致远程攻击者通过q参数注入任意标志耗尽系统资源,引发拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A