CVE-2016-4049
quagga: denial of service vulnerability in BGP routing daemon
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.
La función bgp_dump_routes_func en bgpd/bgp_dump.c en Quagga no lleva a cabo comprobaciones de tamaño cuando hay datos de envío, lo que podría permitir a atacantes remotos provocar una denegación de servicio (fallo de aserción y caída de demonio) a través de un paquete grande BGP.
A denial of service flaw was found in the Quagga BGP routing daemon (bgpd). Under certain circumstances, a remote attacker could send a crafted packet to crash the bgpd daemon resulting in denial of service.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-04-20 CVE Reserved
- 2016-05-23 CVE Published
- 2023-04-26 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/04/27/7 | Mailing List |
|
| http://www.securityfocus.com/bid/88561 | Vdb Entry | |
| http://www.securitytracker.com/id/1035699 | Vdb Entry | |
| https://lists.quagga.net/pipermail/quagga-dev/2016-February/014743.html | Mailing List | |
| https://lists.quagga.net/pipermail/quagga-dev/2016-January/014699.html | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2016-05/msg00062.html | 2018-10-30 | |
| http://rhn.redhat.com/errata/RHSA-2017-0794.html | 2018-10-30 | |
| http://www.debian.org/security/2016/dsa-3654 | 2018-10-30 | |
| https://security.gentoo.org/glsa/201701-48 | 2018-10-30 | |
| https://access.redhat.com/security/cve/CVE-2016-4049 | 2017-03-21 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1331372 | 2017-03-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Quagga Search vendor "Quagga" | Quagga Search vendor "Quagga" for product "Quagga" | - | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 42.1 Search vendor "Opensuse" for product "Leap" and version "42.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.2 Search vendor "Opensuse" for product "Opensuse" and version "13.2" | - |
Affected
| ||||||