CVE Tools

quagga

Networking Infrastructureoss-project

28

Cumulative CVEs

13

Monthly snapshots

#7

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting quagga.

CVE-2021-44038An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their pr...7.8Nov 19, 2021
CVE-2012-5521quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal6.5Nov 25, 2019
CVE-2017-3224Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency in affected Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages)8.2Jul 24, 2018
CVE-2018-5381The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an i...6.5Feb 19, 2018
CVE-2018-5380The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.4.3Feb 19, 2018
CVE-2018-5379The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack co...7.5Feb 19, 2018
CVE-2018-5378The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may...7.1Feb 19, 2018
CVE-2017-16227The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for...7.5Oct 29, 2017
CVE-2016-1245It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUF...9.8Feb 22, 2017
CVE-2017-5495All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When...7.5Jan 24, 2017
CVE-2016-4049The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and...7.5May 23, 2016
CVE-2016-2342The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-da...8.1Mar 17, 2016
CVE-2013-6051The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted ...4.3Dec 14, 2013
CVE-2013-2236Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, all...2.6Oct 24, 2013
CVE-2012-1820The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relation...2.9Jun 13, 2012