Filtered by vendor Quagga
Subscriptions
Total
36 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-3326 | 2 Quagga, Redhat | 2 Quagga, Enterprise Linux | 2024-08-06 | N/A |
The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via an invalid Link State Advertisement (LSA) type in an IPv4 Link State Update message. | ||||
CVE-2011-3325 | 2 Quagga, Redhat | 2 Quagga, Enterprise Linux | 2024-08-06 | N/A |
ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via (1) a 0x0a type field in an IPv4 packet header or (2) a truncated IPv4 Hello packet. | ||||
CVE-2012-5521 | 3 Debian, Quagga, Redhat | 3 Debian Linux, Quagga, Enterprise Linux | 2024-08-06 | 6.5 Medium |
quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal | ||||
CVE-2012-1820 | 2 Quagga, Redhat | 2 Quagga, Enterprise Linux | 2024-08-06 | N/A |
The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message. | ||||
CVE-2012-0250 | 2 Quagga, Redhat | 2 Quagga, Enterprise Linux | 2024-08-06 | N/A |
Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field. | ||||
CVE-2012-0255 | 2 Quagga, Redhat | 2 Quagga, Enterprise Linux | 2024-08-06 | N/A |
The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability). | ||||
CVE-2012-0249 | 2 Quagga, Redhat | 2 Quagga, Enterprise Linux | 2024-08-06 | N/A |
Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header. | ||||
CVE-2013-6051 | 1 Quagga | 1 Quagga | 2024-08-06 | N/A |
The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update. | ||||
CVE-2013-2236 | 2 Quagga, Redhat | 2 Quagga, Enterprise Linux | 2024-08-06 | N/A |
Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA. | ||||
CVE-2016-4049 | 3 Opensuse, Quagga, Redhat | 4 Leap, Opensuse, Quagga and 1 more | 2024-08-06 | N/A |
The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet. | ||||
CVE-2016-2342 | 3 Debian, Quagga, Redhat | 3 Debian Linux, Quagga, Enterprise Linux | 2024-08-05 | N/A |
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet. | ||||
CVE-2016-1245 | 3 Debian, Quagga, Redhat | 3 Debian Linux, Quagga, Enterprise Linux | 2024-08-05 | N/A |
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent. | ||||
CVE-2017-16227 | 2 Debian, Quagga | 2 Debian Linux, Quagga | 2024-08-05 | N/A |
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message. | ||||
CVE-2017-5495 | 2 Quagga, Redhat | 2 Quagga, Enterprise Linux | 2024-08-05 | N/A |
All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication. Most distributions restrict the Quagga telnet interface to local access only by default. The Quagga telnet interface 'vty' input buffer grows automatically, without bound, so long as a newline is not entered. This allows an attacker to cause the Quagga daemon to allocate unbounded memory by sending very long strings without a newline. Eventually the daemon is terminated by the system, or the system itself runs out of memory. This is fixed in Quagga 1.1.1 and Free Range Routing (FRR) Protocol Suite 2017-01-10. | ||||
CVE-2017-3224 | 3 Quagga, Redhat, Suse | 4 Quagga, Package Manager, Opensuse and 1 more | 2024-08-05 | N/A |
Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a 'newer' LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages). | ||||
CVE-2021-44038 | 1 Quagga | 1 Quagga | 2024-08-04 | 7.8 High |
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update. |