CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0CVE-2016-4049 – quagga: denial of service vulnerability in BGP routing daemon
https://notcve.org/view.php?id=CVE-2016-4049
The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet. La función bgp_dump_routes_func en bgpd/bgp_dump.c en Quagga no lleva a cabo comprobaciones de tamaño cuando hay datos de envío, lo que podría permitir a atacantes remotos provocar una denegación de servicio (fallo de aserción y caída de demonio) a través de un paquete grande BGP. A denial of service flaw was found in the Quagga BGP routing daemon (bgpd). Under certain circumstances, a remote attacker could send a crafted packet to crash the bgpd daemon resulting in denial of service. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00062.html http://rhn.redhat.com/errata/RHSA-2017-0794.html http://www.debian.org/security/2016/dsa-3654 http://www.openwall.com/lists/oss-security/2016/04/27/7 http://www.securityfocus.com/bid/88561 http://www.securitytracker.com/id/1035699 https://lists.quagga.net/pipermail/quagga-dev/2016-February/014743.html https://lists.quagga.net/pipermail/quagga-dev/2016-January/014699.html https://security.gentoo.org/glsa/20 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 1%CPEs: 3EXPL: 0CVE-2016-2342 – quagga: VPNv4 NLRI parser memcpys to stack on unchecked length
https://notcve.org/view.php?id=CVE-2016-2342
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet. La función bgp_nlri_parse_vpnv4 en bgp_mplsvpn.c en el intérprete VPNv4 NLRI en bgpd en Quagga en versiones anteriores a 1.0.20160309, cuando se utiliza una determinada configuración VPNv4, confía en un campo de longitud de datos de rutas Labeled-VPN SAFI durante un copiado de datos, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (desbordamiento de buffer basado en pila) a través de un paquete manipulado. A stack-based buffer overflow flaw was found in the way the Quagga BGP routing daemon (bgpd) handled Labeled-VPN SAFI routes data. A remote attacker could use this flaw to crash the bgpd daemon resulting in denial of service. • http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442 http://lists.opensuse.org/opensuse-updates/2016-03/msg00102.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00117.html http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt http://rhn.redhat.com/errata/RHSA-2017-0794.html http://www.debian.org/security/2016/dsa-3532 http://www.kb.cert.org/vuls/id/270232 http://www.oracle.com/technetwork/topics/security/bulletinapr20 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6051
https://notcve.org/view.php?id=CVE-2013-6051
The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update. La función bgp_attr_unknown en bgp_attr.c en Quagga 0.99.21 no inicializa correctamente la variable total, lo que permite a atacantes remotos provocar una denegación de servicio (caída bgpd) a través de una actualización manipulada de BGP. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730513 http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=8794e8d229dc9fe29ea31424883433d4880ef408 http://www.debian.org/security/2013/dsa-2803 •
CVSS: 6.5EPSS: 5%CPEs: 2EXPL: 0CVE-2013-2236 – Quagga: OSPFD Potential remote code exec (stack based buffer overflow)
https://notcve.org/view.php?id=CVE-2013-2236
Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA. Desbordamiento de pila en la función new_msg_lsa_change_notify en OSPFD API (ospf_api.c) anterior a 0.99.222, cuando las opciones de línea de comandos --enable-opaque-lsa y -a son utilizadas, permite a atacantes rmeotos causar una denegación de servicio (crash) a través de un LSA grande. A stack-based buffer overflow flaw was found in the way the Quagga OSPFD daemon handled LSA (link-state advertisement) packets. A remote attacker could use this flaw to crash the ospfd daemon resulting in denial of service. • http://git.savannah.gnu.org/gitweb/?p=quagga.git%3Ba=commitdiff%3Bh=3f872fe60463a931c5c766dbf8c36870c0023e88 http://lists.quagga.net/pipermail/quagga-dev/2013-July/010622.html http://nongnu.mirrors.hostinginnederland.nl//quagga/quagga-0.99.22.3.changelog.txt http://rhn.redhat.com/errata/RHSA-2017-0794.html http://seclists.org/oss-sec/2013/q3/24 http://www.debian.org/security/2013/dsa-2803 http://www.securityfocus.com/bid/60955 http://www.ubuntu.com/usn/USN-2941-1 https:/&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 2.9EPSS: 1%CPEs: 41EXPL: 0CVE-2012-1820 – (bgpd): Assertion failure by processing BGP OPEN message with malformed ORF capability TLV (VU#962587)
https://notcve.org/view.php?id=CVE-2012-1820
The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message. La función bgp_capability_orf de bgpd de Quagga 0.99.20.1 y anteriores permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y finalización del demonio) basándose en una relación "BGP peering" y enviando información mal formada de "Outbound Route Filtering (ORF) capability TLV" en un mensaje OPEN. • http://rhn.redhat.com/errata/RHSA-2012-1259.html http://secunia.com/advisories/50941 http://www.debian.org/security/2012/dsa-2497 http://www.kb.cert.org/vuls/id/962587 http://www.securityfocus.com/bid/53775 http://www.ubuntu.com/usn/USN-1605-1 https://access.redhat.com/security/cve/CVE-2012-1820 https://bugzilla.redhat.com/show_bug.cgi?id=817580 •