Vulnerabilities > Quagga > Quagga > 0.99.22.3

DATE CVE VULNERABILITY TITLE RISK
2021-11-19 CVE-2021-44038 Link Following vulnerability in Quagga
An issue was discovered in Quagga through 1.2.4.
local
low complexity
quagga CWE-59
7.2
7.2
2018-02-19 CVE-2018-5381 Infinite Loop vulnerability in multiple products
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function.
network
low complexity
quagga canonical debian siemens CWE-835
5.0
5.0
2018-02-19 CVE-2018-5380 Out-of-bounds Read vulnerability in multiple products
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
network
low complexity
quagga debian canonical siemens CWE-125
4.0
4.0
2018-02-19 CVE-2018-5379 Double Free vulnerability in multiple products
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes.
network
low complexity
quagga debian canonical redhat siemens CWE-415
7.5
7.5
2018-02-19 CVE-2018-5378 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. 		4.9
4.9
2017-10-29 CVE-2017-16227 Improper Input Validation vulnerability in multiple products
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.
network
low complexity
quagga debian CWE-20
5.0
5.0
2017-02-22 CVE-2016-1245 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages.
network
low complexity
quagga debian CWE-119
7.5
7.5
2017-01-24 CVE-2017-5495 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Quagga
All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host.
network
low complexity
quagga CWE-119
7.8
7.8