CVSS: 7.5EPSS: 3%CPEs: 37EXPL: 0CVE-2010-1674 – quagga: DoS (crash) by processing malformed extended community attribute in a route
https://notcve.org/view.php?id=CVE-2010-1674
29 Mar 2011 — The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute. El parser "extended-community" de bgpd de Quagga en versiones anteriores a la 0.99.18 permite a atacantes remotos provocar una denegación de servicio (resolución de puntero NULL y caída de la aplicación) a través de un atributo "Extended Communities" mal formado. • http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html •
CVSS: 7.5EPSS: 3%CPEs: 37EXPL: 0CVE-2010-1675 – quagga: BGP session reset by processing BGP Update message with malformed AS-path attributes
https://notcve.org/view.php?id=CVE-2010-1675
29 Mar 2011 — bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute. bgpd de Quagga en versiones anteriores a la 0.99.18 permite a atacantes remotos provocar una denegación de servicio (reinicio de la sesión) a traés de un atributo de ruta AS_PATHLIMIT mal formado. • http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 7%CPEs: 36EXPL: 0CVE-2010-2948 – (bgpd): Stack buffer overflow by processing certain Route-Refresh messages
https://notcve.org/view.php?id=CVE-2010-2948
10 Sep 2010 — Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message. Desbordamiento de búfer basado en pila en la función bgp_route_refresh_receive en bgp_packet.c en bgpd en Quagga anterior a v0.99.17, permite a usuarios remotos autenticados provocar una de... • http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 4%CPEs: 36EXPL: 0CVE-2010-2949 – (bgpd): DoS (crash) while processing certain BGP update AS path messages
https://notcve.org/view.php?id=CVE-2010-2949
10 Sep 2010 — bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message. bgpd en Quagga anteriores a v0.99.17 no realiza el análisis sintáctico las rutas AS, lo que permite a atacantes remotos provocar una denegación de servicio (desreferencia de puntero NULL y caída del demonio) a través de un tipo AS desconocido en un atributo AS en un mensaj... • http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=cddb8112b80fa9867156c637d63e6e79eeac67bb •
CVSS: 7.5EPSS: 11%CPEs: 31EXPL: 3CVE-2009-1572
https://notcve.org/view.php?id=CVE-2009-1572
06 May 2009 — The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error. El demonio BGP (bgpd) in Quagga v0.99.11 y anteriores, permite a atacantes remotos provocar una denegación de servicio (caída) a través de una ruta AS que contiene elementos ASN cuya representación de cadena es mayor que la esperada, lo que provoca un error de aserción. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311 •
CVSS: 7.5EPSS: 1%CPEs: 28EXPL: 0CVE-2007-4826 – quagga bgpd DoS
https://notcve.org/view.php?id=CVE-2007-4826
12 Sep 2007 — bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled. bgpd en Quagga versiones anteriores a 0.99.9, permite que los peers BGP configurados explícitamente causen una denegación de servicio (bloqueo) por medio de (1) mensaje OPEN malformado o (2) un atributo COMMUNITY malformado, que desencadena una de... • http://fedoranews.org/updates/FEDORA-2007-219.shtml •
CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 0CVE-2007-1995 – Quagga bgpd DoS
https://notcve.org/view.php?id=CVE-2007-1995
12 Apr 2007 — bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read. bgpd/bgp_attr.c en Quagga 0.98.6 y versiones anteriores, y 0.99.6 y versiones 0.99 anteriores, no validan la longitud de los valores en los atributos MP_REACH_NLRI y MP_UNREACH_N... • http://bugzilla.quagga.net/show_bug.cgi?id=354 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2006-2276
https://notcve.org/view.php?id=CVE-2006-2276
09 May 2006 — bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface. • ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 13%CPEs: 2EXPL: 2CVE-2006-2223 – Quagga Routing Software Suite 0.9x - RIPd RIPv1 Request Routing Table Disclosure
https://notcve.org/view.php?id=CVE-2006-2223
05 May 2006 — RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE. RIPd en Quagga 0.98 y 0.99 anteriores a 20060503 no implementa adecuadamente configuraciones que (1) deshabiliten RIPv1 o (2) necesiten autenticación MD5 o en texto plano, lo que permite a atacantes remotos obtener información sensibl... • https://www.exploit-db.com/exploits/27801 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 8%CPEs: 11EXPL: 1CVE-2003-0795 – GNU Zebra 0.9x / Quagga 0.96 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2003-0795
18 Nov 2003 — The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference. La capa vty en Quagga anteriores a 0.96.4, y Zebra anteriores a 0.91, no verifica si se está llevando a cabo una sub-negociación cuando procesa el marcador SE, lo que permite a atacantes remotos causa... • https://www.exploit-db.com/exploits/23375 • CWE-20: Improper Input Validation •