CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2018-5380
https://notcve.org/view.php?id=CVE-2018-5380
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. El demonio Quagga BGP (bgpd), en versiones anteriores a la 1.2.3, puede saturar las tablas internas de conversión de código a cadena de BGP empleadas para depurar por un valor de puntero 1, basándose en las entradas. • http://savannah.nongnu.org/forum/forum.php?forum_id=9095 http://www.kb.cert.org/vuls/id/940439 https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1550.txt https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html https://security.gentoo.org/glsa/201804-17 https://usn.ubuntu.com/3573-1 https://www.debian.org/security/2018/dsa-4115 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2017-16227
https://notcve.org/view.php?id=CVE-2017-16227
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message. La función aspath_put en bgpd/bgp_aspath.c en Quagga en versiones anteriores a la 1.2.2 permite que los atacantes remotos provoquen una denegación de servicio (caída de sesión) mediante mensajes BGP Update, ya que el cálculo del tamaño de AS_PATH cuanta una serie de bytes dos veces y en consecuencia construye un menaje no válido. • http://download.savannah.gnu.org/releases/quagga/quagga-1.2.2.changelog.txt http://www.debian.org/security/2017/dsa-4011 https://bugs.debian.org/879474 https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008 https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 20%CPEs: 1EXPL: 0CVE-2017-5495 – quagga: Telnet interface input buffer allocates unbounded amounts of memory
https://notcve.org/view.php?id=CVE-2017-5495
All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication. Most distributions restrict the Quagga telnet interface to local access only by default. The Quagga telnet interface 'vty' input buffer grows automatically, without bound, so long as a newline is not entered. This allows an attacker to cause the Quagga daemon to allocate unbounded memory by sending very long strings without a newline. • http://rhn.redhat.com/errata/RHSA-2017-0794.html http://savannah.nongnu.org/forum/forum.php?forum_id=8783 http://www.securityfocus.com/bid/95745 http://www.securitytracker.com/id/1037688 https://github.com/freerangerouting/frr/pull/63 https://lists.quagga.net/pipermail/quagga-dev/2017-January/016586.html https://access.redhat.com/security/cve/CVE-2017-5495 https://bugzilla.redhat.com/show_bug.cgi?id=1416013 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2016-1245 – quagga: Buffer Overflow in IPv6 RA handling
https://notcve.org/view.php?id=CVE-2016-1245
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent. Se descubrió que el demonio zebra en Quagga en versiones anteriores a 1.0.20161017 sufrió un desbordamiento de búfer basado en pila al procesar mensajes de Neighbor Discovery de IPv6. La causa raíz radicaba en BUFSIZ para ser compatible con un tamaño de mensaje; sin embargo, BUFSIZ depende del sistema. A stack-based buffer overflow flaw was found in the way Quagga handled IPv6 router advertisement messages. • http://rhn.redhat.com/errata/RHSA-2017-0794.html http://www.gossamer-threads.com/lists/quagga/users/31952 http://www.securityfocus.com/bid/93775 https://bugzilla.redhat.com/show_bug.cgi?id=1386109 https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546 https://security.gentoo.org/glsa/201701-48 https://www.debian.org/security/2016/dsa-3695 https://access.redhat.com/security/cve/CVE-2016-1245 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 8.1EPSS: 1%CPEs: 3EXPL: 0CVE-2016-2342 – quagga: VPNv4 NLRI parser memcpys to stack on unchecked length
https://notcve.org/view.php?id=CVE-2016-2342
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet. La función bgp_nlri_parse_vpnv4 en bgp_mplsvpn.c en el intérprete VPNv4 NLRI en bgpd en Quagga en versiones anteriores a 1.0.20160309, cuando se utiliza una determinada configuración VPNv4, confía en un campo de longitud de datos de rutas Labeled-VPN SAFI durante un copiado de datos, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (desbordamiento de buffer basado en pila) a través de un paquete manipulado. A stack-based buffer overflow flaw was found in the way the Quagga BGP routing daemon (bgpd) handled Labeled-VPN SAFI routes data. A remote attacker could use this flaw to crash the bgpd daemon resulting in denial of service. • http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442 http://lists.opensuse.org/opensuse-updates/2016-03/msg00102.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00117.html http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt http://rhn.redhat.com/errata/RHSA-2017-0794.html http://www.debian.org/security/2016/dsa-3532 http://www.kb.cert.org/vuls/id/270232 http://www.oracle.com/technetwork/topics/security/bulletinapr20 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •