High severity7.5NVD Advisory· Published May 23, 2016· Updated May 6, 2026

CVE-2016-4049

Description

The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.

Affected products

Quagga (software)/Quagga
cpe:2.3:a:quagga:quagga:-:*:*:*:*:*:*:*
OpenSUSE/Leap
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
OpenSUSE/openSUSE
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-updates/2016-05/msg00062.htmlnvd
rhn.redhat.com/errata/RHSA-2017-0794.htmlnvd
www.debian.org/security/2016/dsa-3654nvd
www.openwall.com/lists/oss-security/2016/04/27/7nvd
www.securityfocus.com/bid/88561nvd
www.securitytracker.com/id/1035699nvd
lists.quagga.net/pipermail/quagga-dev/2016-February/014743.htmlnvd
lists.quagga.net/pipermail/quagga-dev/2016-January/014699.htmlnvd
security.gentoo.org/glsa/201701-48nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000