CVE-2021-44038
https://notcve.org/view.php?id=CVE-2021-44038
19 Nov 2021 — An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update. • https://bugzilla.suse.com/show_bug.cgi?id=1191890 • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2012-5521
https://notcve.org/view.php?id=CVE-2012-5521
25 Nov 2019 — quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal. • http://www.openwall.com/lists/oss-security/2012/11/13/14 • CWE-617: Reachable Assertion
CVE-2017-3224 – Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency in affected Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages)
https://notcve.org/view.php?id=CVE-2017-3224
24 Jul 2018 — Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does n... • https://www.kb.cert.org/vuls/id/793496 • CWE-345: Insufficient Verification of Data Authenticity • CWE-354: Improper Validation of Integrity Check Value
CVE-2018-5380 – Gentoo Linux Security Advisory 201804-17
https://notcve.org/view.php?id=CVE-2018-5380
15 Feb 2018 — The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. It was discovered that a double-free vulnerability existed in the Quagga BGP daemon when processing certain forms of UPDATE message. A... • http://savannah.nongnu.org/forum/forum.php?forum_id=9095 • CWE-125: Out-of-bounds Read
CVE-2018-5381 – Gentoo Linux Security Advisory 201804-17
https://notcve.org/view.php?id=CVE-2018-5381
15 Feb 2018 — The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service. • http://savannah.nongnu.org/forum/forum.php?forum_id=9095 • CWE-228: Improper Handling of Syntactically Invalid Structure • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2018-5379 – quagga: Double free vulnerability in bgpd when processing certain forms of UPDATE message allowing to crash or potentially execute arbitrary code
https://notcve.org/view.php?id=CVE-2018-5379
15 Feb 2018 — The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code. • http://savannah.nongnu.org/forum/forum.php?forum_id=9095 • CWE-415: Double Free • CWE-416: Use After Free
CVE-2018-5378 – Gentoo Linux Security Advisory 201804-17
https://notcve.org/view.php?id=CVE-2018-5378
15 Feb 2018 — The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash. • http://savannah.nongnu.org/forum/forum.php?forum_id=9095 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-16227 – Ubuntu Security Notice USN-3471-1
https://notcve.org/view.php?id=CVE-2017-16227
29 Oct 2017 — The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message. • http://download.savannah.gnu.org/releases/quagga/quagga-1.2.2.changelog.txt • CWE-20: Improper Input Validation
CVE-2017-5495 – quagga: Telnet interface input buffer allocates unbounded amounts of memory
https://notcve.org/view.php?id=CVE-2017-5495
24 Jan 2017 — All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication. Most distributions restrict the Quagga telnet interface to local access only by default. The Quagga telnet interface 'vty' input buffer grows automatically,... • http://rhn.redhat.com/errata/RHSA-2017-0794.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2016-1245 – quagga: Buffer Overflow in IPv6 RA handling
https://notcve.org/view.php?id=CVE-2016-1245
19 Oct 2016 — It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent. • http://rhn.redhat.com/errata/RHSA-2017-0794.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-121: Stack-based Buffer Overflow