// For flags

CVE-2017-5495

quagga: Telnet interface input buffer allocates unbounded amounts of memory

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication. Most distributions restrict the Quagga telnet interface to local access only by default. The Quagga telnet interface 'vty' input buffer grows automatically, without bound, so long as a newline is not entered. This allows an attacker to cause the Quagga daemon to allocate unbounded memory by sending very long strings without a newline. Eventually the daemon is terminated by the system, or the system itself runs out of memory. This is fixed in Quagga 1.1.1 and Free Range Routing (FRR) Protocol Suite 2017-01-10.

Todas las versiones de Quagga, 0.93 hasta la versión 1.1.0, son vulnerables a una asignación de memoria ilimitada en la CLI de telnet 'vty', conduciendo a una denegación de servicio de los demonios de Quagga, o incluso a todo el host. Cuando los demonios de Quagga son configurados con su CLI de telnet habilitada, cualquiera que pueda conectarse a los puertos TCP puede desencadenar esta vulnerabilidad antes de la autenticación. La mayoría de las distribuciones restringen la interfaz de telnet de Quagga para el acceso local sólo por defecto. El búfer de entrada 'vty' de la interfaz de telnet de Quagga crece automáticamente, sin limite, siempre y cuando no se introduzca una nueva línea. Esto permite a un atacante hacer que el demonio de Quagga asigne memoria ilimitada enviando cadenas muy largas sin una nueva línea. Eventualmente el demonio es finalizado por el sistema, o el propio sistema se queda sin memoria. Esto se corrige en Quagga 1.1.1 y Free Range Routing (FRR) Protocol Suite 2017-01-10.

A denial of service flaw affecting various daemons in Quagga was found. A remote attacker could use this flaw to cause the various Quagga daemons, which expose their telnet interface, to crash.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-01-15 CVE Reserved
  • 2017-01-24 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-08-08 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Quagga
Search vendor "Quagga"
 Quagga
Search vendor "Quagga" for product "Quagga"
 <= 1.1.0
Search vendor "Quagga" for product "Quagga" and version " <= 1.1.0"
-
Affected