Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.1
CVSSv3

CVE-2016-2342

Published: 17/03/2016 Updated: 05/01/2018
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 676
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga prior to 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote malicious users to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.

Vulnerable Product Search on Vulmon Subscribe to Product

quagga quagga 0.99.24

debian debian linux 7.0

debian debian linux 8.0

Vendor Advisories

Red Hat: Moderate: quagga security and bug fix update
Synopsis Moderate: quagga security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for quagga is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...
Ubuntu Security Notice: quagga vulnerabilities
Quagga could be made to crash or run programs if it received specially crafted network traffic ...
Debian CVElist Bug Report Logs: quagga: CVE-2016-2342
Debian Bug report logs - #819179 quagga: CVE-2016-2342 Package: src:quagga; Maintainer for src:quagga is Brett Parker <iDunno@sommitrealweirdcouk>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 24 Mar 2016 14:57:02 UTC Severity: grave Tags: fixed-upstream, patch, security, upstream Found in vers ...
Debian Security Advisories: DSA-3532-1 quagga -- security update
Kostya Kortchinsky discovered a stack-based buffer overflow vulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP routing daemon A remote attacker can exploit this flaw to cause a denial of service (daemon crash), or potentially, execution of arbitrary code, if bgpd is configured with BGP peers enabled for VPNv4 For the oldstab ...
Red Hat: CVE-2016-2342
A stack-based buffer overflow flaw was found in the way the Quagga BGP routing daemon (bgpd) handled Labeled-VPN SAFI routes data A remote attacker could use this flaw to crash the bgpd daemon resulting in denial of service ...

References

CWE-119http://www.kb.cert.org/vuls/id/270232http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txthttp://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442http://www.debian.org/security/2016/dsa-3532http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlhttp://www.securityfocus.com/bid/84318http://lists.opensuse.org/opensuse-updates/2016-03/msg00117.htmlhttp://lists.opensuse.org/opensuse-updates/2016-03/msg00102.htmlhttp://www.ubuntu.com/usn/USN-2941-1https://security.gentoo.org/glsa/201610-03http://rhn.redhat.com/errata/RHSA-2017-0794.htmlhttps://access.redhat.com/errata/RHSA-2017:0794https://usn.ubuntu.com/2941-1/https://nvd.nist.govhttps://www.kb.cert.org/vuls/id/270232
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4956validationCVE-2024-35221remote attackersCVE-2023-30309CVE-2024-36112CVE-2024-23109CVE-2023-43850stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook