CVE-2016-1245

Published: 22/02/2017 | Updated: 05/01/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was the assumption that BUFSIZ would be compatible with the message size; however, BUFSIZ is system-dependent.

Vulnerable Product

quagga quagga

debian debian linux 8.0

Vendor Advisories

Synopsis: Moderate: quagga security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for quagga is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base ...
Debian Bug report logs - #841162 quagga: CVE-2016-1245: zebra: stack overrun in IPv6 RA receive code. Package: src:quagga; Maintainer for src:quagga is Brett Parker <iDunno@sommitrealweirdcouk>; Reported by: Salvatore Bonaccorso <carnil@debianorg>; Date: Tue, 18 Oct 2016 07:57:01 UTC; Severity: grave; Tags: patch, sec ...
Quagga could be made to crash if it received specially crafted network traffic ...
It was discovered that the zebra daemon in the Quagga routing suite suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. For the stable distribution (jessie), this problem has been fixed in version 099231-1+deb8u3. We recommend that you upgrade your quagga packages ...