Filtered by vendor Quagga
Subscribe
Total
36 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-3325 | 1 Quagga | 1 Quagga | 2018-01-05 | 5.0 MEDIUM | N/A |
ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via (1) a 0x0a type field in an IPv4 packet header or (2) a truncated IPv4 Hello packet. | |||||
CVE-2011-3327 | 1 Quagga | 1 Quagga | 2018-01-05 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity.c in bgpd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4. | |||||
CVE-2011-3324 | 1 Quagga | 1 Quagga | 2018-01-05 | 5.0 MEDIUM | N/A |
The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database Description message. | |||||
CVE-2017-5495 | 1 Quagga | 1 Quagga | 2018-01-04 | 7.8 HIGH | 7.5 HIGH |
All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication. Most distributions restrict the Quagga telnet interface to local access only by default. The Quagga telnet interface 'vty' input buffer grows automatically, without bound, so long as a newline is not entered. This allows an attacker to cause the Quagga daemon to allocate unbounded memory by sending very long strings without a newline. Eventually the daemon is terminated by the system, or the system itself runs out of memory. This is fixed in Quagga 1.1.1 and Free Range Routing (FRR) Protocol Suite 2017-01-10. | |||||
CVE-2016-1245 | 2 Debian, Quagga | 2 Debian Linux, Quagga | 2018-01-04 | 7.5 HIGH | 9.8 CRITICAL |
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent. | |||||
CVE-2016-2342 | 2 Debian, Quagga | 2 Debian Linux, Quagga | 2018-01-04 | 7.6 HIGH | 8.1 HIGH |
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet. | |||||
CVE-2013-2236 | 1 Quagga | 1 Quagga | 2018-01-04 | 2.6 LOW | N/A |
Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA. | |||||
CVE-2017-16227 | 2 Debian, Quagga | 2 Debian Linux, Quagga | 2017-11-18 | 5.0 MEDIUM | 7.5 HIGH |
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message. | |||||
CVE-2007-1995 | 1 Quagga | 1 Quagga | 2017-10-10 | 6.3 MEDIUM | N/A |
bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read. | |||||
CVE-2003-0859 | 5 Gnu, Intel, Quagga and 2 more | 7 Glibc, Zebra, Ia64 and 4 more | 2017-10-10 | 4.9 MEDIUM | N/A |
The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. | |||||
CVE-2003-0858 | 2 Gnu, Quagga | 2 Zebra, Quagga Routing Software Suite | 2017-10-10 | 2.1 LOW | N/A |
Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. | |||||
CVE-2009-1572 | 1 Quagga | 1 Quagga | 2017-08-16 | 5.0 MEDIUM | N/A |
The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error. | |||||
CVE-2007-4826 | 1 Quagga | 1 Quagga | 2017-07-28 | 3.5 LOW | N/A |
bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled. | |||||
CVE-2003-0795 | 3 Gnu, Quagga, Sgi | 3 Zebra, Quagga, Propack | 2016-10-17 | 5.0 MEDIUM | N/A |
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference. | |||||
CVE-2013-6051 | 1 Quagga | 1 Quagga | 2013-12-16 | 4.3 MEDIUM | N/A |
The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update. | |||||
CVE-2012-1820 | 1 Quagga | 1 Quagga | 2013-03-01 | 2.9 LOW | N/A |
The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message. |