| Max CVSS | 7.8 | Min CVSS | 2.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-4049 | 5.0 |
The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.
|
30-10-2018 - 16:27 | 23-05-2016 - 19:59 | |
| CVE-2017-5495 | 7.8 |
All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI
|
05-01-2018 - 02:31 | 24-01-2017 - 07:59 | |
| CVE-2016-2342 | 7.6 |
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remo
|
05-01-2018 - 02:30 | 17-03-2016 - 14:59 | |
| CVE-2016-1245 | 7.5 |
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BU
|
05-01-2018 - 02:30 | 22-02-2017 - 23:59 | |
| CVE-2013-2236 | 2.6 |
Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (cr
|
05-01-2018 - 02:29 | 24-10-2013 - 03:48 |