Vulnerabilities > Quagga

DATE CVE VULNERABILITY TITLE RISK
2016-05-23 CVE-2016-4049 Improper Input Validation vulnerability in multiple products
The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.
network
low complexity
quagga opensuse CWE-20
5.0
2016-03-17 CVE-2016-2342 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.
network
high complexity
quagga debian CWE-119
7.6
2012-06-13 CVE-2012-1820 Remote Denial Of Service vulnerability in Quagga bgpd 'bgp_capability_orf()' BGP OPEN Message
The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.
2.9
2012-04-05 CVE-2012-0255 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Quagga
The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability).
network
low complexity
quagga CWE-119
5.0
2012-04-05 CVE-2012-0250 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Quagga
Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field.
low complexity
quagga CWE-119
3.3
2012-04-05 CVE-2012-0249 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Quagga
Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header.
low complexity
quagga CWE-119
3.3
2011-03-29 CVE-2010-1675 Resource Management Errors vulnerability in Quagga
bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute.
network
low complexity
quagga CWE-399
5.0
2011-03-29 CVE-2010-1674 Denial Of Service vulnerability in Quagga BGP Daemon Null Pointer Deference
The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute.
network
low complexity
quagga
5.0
2009-05-06 CVE-2009-1572 Remote Denial Of Service vulnerability in Quagga Autonomous System Number
The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.
network
low complexity
quagga
5.0
2007-09-12 CVE-2007-4826 Denial Of Service vulnerability in Quagga Routing Suite
bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference.
network
quagga
3.5