Vulnerabilities > Quagga > High

DATE CVE VULNERABILITY TITLE RISK
2021-11-19 CVE-2021-44038 Link Following vulnerability in Quagga
An issue was discovered in Quagga through 1.2.4.
local
low complexity
quagga CWE-59
7.2
2018-02-19 CVE-2018-5379 Double Free vulnerability in multiple products
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes.
network
low complexity
quagga debian canonical redhat siemens CWE-415
7.5
2017-02-22 CVE-2016-1245 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages.
network
low complexity
quagga debian CWE-119
7.5
2017-01-24 CVE-2017-5495 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Quagga
All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host.
network
low complexity
quagga CWE-119
7.8
2016-03-17 CVE-2016-2342 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.
network
high complexity
quagga debian CWE-119
7.6