VYPR

rpm package

suse/quagga&distro=SUSE Linux Enterprise Software Development Kit 12

pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012

Vulnerabilities (2)

  • CVE-2016-4049HigMay 23, 2016
    affected < 0.99.22.1-12.1fixed 0.99.22.1-12.1

    The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.

  • CVE-2016-2342HigMar 17, 2016
    affected < 0.99.22.1-5.1fixed 0.99.22.1-5.1

    The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitr