Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2016-4049

Published: 23/05/2016 Updated: 30/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Quagga

Vulnerability Summary

The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote malicious users to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.

Vulnerable Product Search on Vulmon Subscribe to Product

quagga quagga -

opensuse leap 42.1

opensuse opensuse 13.2

Vendor Advisories

Red Hat: Moderate: quagga security and bug fix update
Synopsis Moderate: quagga security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for quagga is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...
Ubuntu Security Notice: quagga vulnerabilities
Several security issues were fixed in Quagga ...
Debian CVElist Bug Report Logs: quagga: CVE-2016-4049: Missing size check in bgp_dump_routes_func in bgpd/bgp_dump.c allowing DoS
Debian Bug report logs - #822787 quagga: CVE-2016-4049: Missing size check in bgp_dump_routes_func in bgpd/bgp_dumpc allowing DoS Package: src:quagga; Maintainer for src:quagga is Brett Parker <iDunno@sommitrealweirdcouk>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 27 Apr 2016 14:06:02 UTC Se ...
Debian CVElist Bug Report Logs: quagga: CVE-2016-4036
Debian Bug report logs - #835223 quagga: CVE-2016-4036 Package: src:quagga; Maintainer for src:quagga is Brett Parker <iDunno@sommitrealweirdcouk>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 23 Aug 2016 16:30:10 UTC Severity: important Tags: security Found in versions quagga/099224-1, quag ...
Debian Security Advisories: DSA-3654-1 quagga -- security update
Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing daemon CVE-2016-4036 Tamás Németh discovered that sensitive configuration files in /etc/quagga were world-readable despite containing sensitive information CVE-2016-4049 Evgeny Uskov discovered that a bgpd instance handling many peers could be cras ...
Red Hat: CVE-2016-4049
A denial of service flaw was found in the Quagga BGP routing daemon (bgpd) Under certain circumstances, a remote attacker could send a crafted packet to crash the bgpd daemon resulting in denial of service ...

References

CWE-20http://www.openwall.com/lists/oss-security/2016/04/27/7http://lists.opensuse.org/opensuse-updates/2016-05/msg00062.htmlhttp://www.securitytracker.com/id/1035699https://lists.quagga.net/pipermail/quagga-dev/2016-February/014743.htmlhttps://lists.quagga.net/pipermail/quagga-dev/2016-January/014699.htmlhttp://www.debian.org/security/2016/dsa-3654http://www.securityfocus.com/bid/88561https://security.gentoo.org/glsa/201701-48http://rhn.redhat.com/errata/RHSA-2017-0794.htmlhttps://access.redhat.com/errata/RHSA-2017:0794https://usn.ubuntu.com/3102-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook