Critical severity9.8NVD Advisory· Published Feb 22, 2017· Updated May 13, 2026

CVE-2016-1245

Description

It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.

Affected products

Chatwoot/Quagga Before 1.0.20161017v5
Range: Quagga before 1.0.20161017

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546nvdPatchThird Party Advisory
www.gossamer-threads.com/lists/quagga/users/31952nvdMailing ListMitigationThird Party Advisory
www.securityfocus.com/bid/93775nvdThird Party AdvisoryVDB Entry
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
www.debian.org/security/2016/dsa-3695nvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2017-0794.htmlnvd
security.gentoo.org/glsa/201701-48nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000