Vulnerabilities > Quagga > Quagga > 0.99.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-19 | CVE-2021-44038 | Link Following vulnerability in Quagga An issue was discovered in Quagga through 1.2.4. | 7.2 |
| 2018-02-19 | CVE-2018-5381 | Infinite Loop vulnerability in multiple products The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. | 5.0 |
| 2018-02-19 | CVE-2018-5380 | Out-of-bounds Read vulnerability in multiple products The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. | 4.0 |
| 2018-02-19 | CVE-2018-5379 | Double Free vulnerability in multiple products The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. | 7.5 |
| 2018-02-19 | CVE-2018-5378 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. | 4.9 |
| 2017-10-29 | CVE-2017-16227 | Improper Input Validation vulnerability in multiple products The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message. | 5.0 |
| 2017-02-22 | CVE-2016-1245 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. | 7.5 |
| 2017-01-24 | CVE-2017-5495 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Quagga All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. | 7.8 |
| 2012-06-13 | CVE-2012-1820 | Remote Denial Of Service vulnerability in Quagga bgpd 'bgp_capability_orf()' BGP OPEN Message The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message. | 2.9 |
| 2012-04-05 | CVE-2012-0255 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Quagga The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability). | 5.0 |