Vulnerabilities > Quagga > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-19 | CVE-2021-44038 | Link Following vulnerability in Quagga An issue was discovered in Quagga through 1.2.4. | 7.2 |
| 2018-02-19 | CVE-2018-5379 | Double Free vulnerability in multiple products The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. | 7.5 |
| 2017-02-22 | CVE-2016-1245 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. | 7.5 |
| 2017-01-24 | CVE-2017-5495 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Quagga All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. | 7.8 |
| 2016-03-17 | CVE-2016-2342 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet. | 7.6 |