Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Quagga
(Quagga)Repositories | https://github.com/Quagga/quagga |
#Vulnerabilities | 33 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2011-10-10 | CVE-2011-3325 | ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via (1) a 0x0a type field in an IPv4 packet header or (2) a truncated IPv4 Hello packet. | Quagga | N/A | ||
2011-10-10 | CVE-2011-3323 | The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length. | Quagga | N/A | ||
2011-10-10 | CVE-2011-3324 | The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database Description message. | Quagga | N/A | ||
2013-10-24 | CVE-2013-2236 | Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA. | Quagga | N/A | ||
2013-12-14 | CVE-2013-6051 | The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update. | Quagga | N/A | ||
2010-09-10 | CVE-2010-2948 | Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message. | Quagga | N/A | ||
2010-09-10 | CVE-2010-2949 | bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message. | Quagga | N/A | ||
2019-11-25 | CVE-2012-5521 | quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal | Debian_linux, Quagga, Enterprise_linux | N/A | ||
2018-02-19 | CVE-2018-5381 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service. | Ubuntu_linux, Debian_linux, Quagga, Ruggedcom_rox_ii_firmware | 7.5 | ||
2018-02-19 | CVE-2018-5380 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. | Ubuntu_linux, Debian_linux, Quagga, Ruggedcom_rox_ii_firmware | 4.3 |