quagga quagga - vulnerabilities and exploits
7.2
CVSSv2
CVE-2021-44038
An issue exists in Quagga up to and including 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.
Quagga Quagga
4.3
CVSSv2
CVE-2013-6051
The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote malicious users to cause a denial of service (bgpd crash) via a crafted BGP update.
Quagga Quagga 0.99.21
7.5
CVSSv2
CVE-2016-1245
The zebra daemon in Quagga prior to 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.
Quagga Quagga
Debian Debian Linux 8.0
2.1
CVSSv2
CVE-2003-0858
Zebra 0.93b and previous versions, and Quagga prior to 0.95, allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
Gnu Zebra
Quagga Quagga Routing Software Suite
4.3
CVSSv2
CVE-2017-3224
Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbe...
Quagga Quagga -
Suse Opensuse -
Suse Suse Linux -
Redhat Package Manager -
5
CVSSv2
CVE-2017-16227
The aspath_put function in bgpd/bgp_aspath.c in Quagga prior to 1.2.2 allows remote malicious users to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an inval...
Quagga Quagga
Debian Debian Linux 9.0
Debian Debian Linux 8.0
4.9
CVSSv2
CVE-2018-5378
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.
Quagga Quagga
Debian Debian Linux 9.0
Debian Debian Linux 8.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 17.10
3.3
CVSSv2
CVE-2012-5521
Quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs route removal.
Quagga Quagga 0.99.21
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 6.0
4
CVSSv2
CVE-2018-5380
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
Quagga Quagga
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 17.10
Siemens Ruggedcom Rox Ii Firmware
5
CVSSv2
CVE-2018-5381
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does ...
Quagga Quagga
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 14.04
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Debian Debian Linux 8.0
Siemens Ruggedcom Rox Ii Firmware