Vulnerabilities > Quagga > Quagga > 0.98.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-04-05 | CVE-2012-0250 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Quagga Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field. | 3.3 |
| 2012-04-05 | CVE-2012-0249 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Quagga Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header. | 3.3 |
| 2011-03-29 | CVE-2010-1675 | Resource Management Errors vulnerability in Quagga bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute. | 5.0 |
| 2011-03-29 | CVE-2010-1674 | Denial Of Service vulnerability in Quagga BGP Daemon Null Pointer Deference The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute. | 5.0 |
| 2009-05-06 | CVE-2009-1572 | Remote Denial Of Service vulnerability in Quagga Autonomous System Number The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error. | 5.0 |
| 2007-09-12 | CVE-2007-4826 | Denial Of Service vulnerability in Quagga Routing Suite bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. network quagga | 3.5 |
| 2007-04-12 | CVE-2007-1995 | Improper Input Validation vulnerability in Quagga bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read. | 6.3 |
| 2006-05-10 | CVE-2006-2276 | Resource Management Errors vulnerability in Quagga 0.98.5/0.99.3 bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface. | 4.9 |
| 2006-05-05 | CVE-2006-2223 | Improper Input Validation vulnerability in Quagga 0.98.5/0.99.3 RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE. | 5.0 |