rpm package
suse/quagga&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-5381 | — | < 0.99.15-0.30.3.1 | 0.99.15-0.30.3.1 | Feb 19, 2018 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a | ||
| CVE-2018-5380 | — | < 0.99.15-0.30.3.1 | 0.99.15-0.30.3.1 | Feb 19, 2018 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. | ||
| CVE-2018-5379 | — | < 0.99.15-0.30.3.1 | 0.99.15-0.30.3.1 | Feb 19, 2018 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary | ||
| CVE-2018-5378 | — | < 0.99.15-0.30.3.1 | 0.99.15-0.30.3.1 | Feb 19, 2018 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash. | ||
| CVE-2017-16227 | Hig | 7.5 | < 0.99.15-0.30.3.1 | 0.99.15-0.30.3.1 | Oct 29, 2017 | The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid messa | |
| CVE-2016-1245 | Cri | 9.8 | < 0.99.15-0.29.1 | 0.99.15-0.29.1 | Feb 22, 2017 | It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent. | |
| CVE-2017-5495 | Hig | 7.5 | < 0.99.15-0.30.3.1 | 0.99.15-0.30.3.1 | Jan 24, 2017 | All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connec | |
| CVE-2016-4049 | Hig | 7.5 | < 0.99.15-0.24.2 | 0.99.15-0.24.2 | May 23, 2016 | The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet. | |
| CVE-2016-2342 | Hig | 8.1 | < 0.99.15-0.16.1 | 0.99.15-0.16.1 | Mar 17, 2016 | The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitr |
- CVE-2018-5381Feb 19, 2018affected < 0.99.15-0.30.3.1fixed 0.99.15-0.30.3.1
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a
- CVE-2018-5380Feb 19, 2018affected < 0.99.15-0.30.3.1fixed 0.99.15-0.30.3.1
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
- CVE-2018-5379Feb 19, 2018affected < 0.99.15-0.30.3.1fixed 0.99.15-0.30.3.1
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary
- CVE-2018-5378Feb 19, 2018affected < 0.99.15-0.30.3.1fixed 0.99.15-0.30.3.1
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.
- affected < 0.99.15-0.30.3.1fixed 0.99.15-0.30.3.1
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid messa
- affected < 0.99.15-0.29.1fixed 0.99.15-0.29.1
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.
- affected < 0.99.15-0.30.3.1fixed 0.99.15-0.30.3.1
All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connec
- affected < 0.99.15-0.24.2fixed 0.99.15-0.24.2
The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.
- affected < 0.99.15-0.16.1fixed 0.99.15-0.16.1
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitr