CVE-2016-1245

CWE-119 — Buffer Overflow CWE-121 — Stack-based Buffer Overflow9 documents7 sources

Severity

9.8CRITICAL

EPSS

1.2%

top 21.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Quagga Quagga Debian Debian Linux

Timeline

PublishedFeb 22

Latest updateMay 14

Description

It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5quagga_before_1.0.20161017Quagga before 1.0.20161017

▶Ubuntuquagga< 0.99.22.4-3ubuntu1.3+1

▶NVDquagga/quagga1.0.20160315

Also affects: Debian Linux 8.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-578j-w5r9-87q8: It was discovered that the zebra daemon in Quagga before 1↗2022-05-14

▶

CVEList

CVE-2016-1245: It was discovered that the zebra daemon in Quagga before 1↗2017-02-22

▶

OSV

CVE-2016-1245: It was discovered that the zebra daemon in Quagga before 1↗2016-10-18

▶

📋Vendor Advisories

Ubuntu

Quagga vulnerability↗2016-10-25

▶

Red Hat

quagga: Buffer Overflow in IPv6 RA handling↗2016-10-18

▶

💬Community

Bugzilla

CVE-2016-1245 quagga: Buffer Overflow in IPv6 RA handling↗2016-10-18

▶

Bugzilla

CVE-2016-1245 quagga: Buffer Overflow in IPv6 RA handling [fedora-all]↗2016-10-18

▶

Bugzilla

CVE-2016-2316 asterisk: File descriptor exhaustion in chan_sip (AST-2016-002)↗2016-02-04

▶