Severity: 7.5 HIGH
EPSS: 3.6% (top 12.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 24
Latest update: May 14

Description

All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication. Most distributions restrict the Quagga telnet interface to local access only by default. The Quagga telnet interface 'vty' input buffer grows au

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

Alpine: quagga < 1.1.1-r0+18
NVD: quagga/quagga 1.1.0

Patches

🔴Vulnerability Details

4
GHSA: GHSA-6629-rcxv-r9v7: All versions of Quagga, 0 (2022-05-14)
OSV: quagga vulnerabilities (2017-10-31)
OSV: CVE-2017-5495: All versions of Quagga, 0 (2017-01-24)
CVEList: CVE-2017-5495: All versions of Quagga, 0 (2017-01-24)

📋Vendor Advisories

2
Ubuntu: Quagga vulnerabilities (2017-10-31)
Red Hat: quagga: Telnet interface input buffer allocates unbounded amounts of memory (2017-01-23)

💬Community

2
Bugzilla: CVE-2017-5495 quagga: Telnet interface input buffer allocates unbounded amounts of memory [fedora-all] (2017-01-24)
Bugzilla: CVE-2017-5495 quagga: Telnet interface input buffer allocates unbounded amounts of memory (2017-01-24)
CVE-2017-5495 (HIGH CVSS 7.5) | All versions of Quagga | cvebase.io