Quagga vulnerabilities
35 known vulnerabilities affecting quagga/quagga.
Total CVEs
35
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH7MEDIUM21LOW5
Vulnerabilities
Page 1 of 2
CVE-2018-5379P2CRITICALCVSS 9.8≤ 1.2.22018-02-19
CVE-2018-5379 [CRITICAL] CWE-415 CVE-2018-5379: The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain f
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.
nvdosv
CVE-2018-5378P3MEDIUMCVSS 5.9≤ 1.2.22018-02-19
CVE-2018-5378 [MEDIUM] CWE-119 CVE-2018-5378: The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent wit
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.
nvd
CVE-2006-2224P3MEDIUMCVSS 5.0PoC≥ 0, < 0.99.3-22006-05-05
CVE-2006-2224 [MEDIUM] CVE-2006-2224: RIPd in Quagga 0
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.
osv
CVE-2016-2342P3HIGHCVSS 8.1v0.99.242016-03-17
CVE-2016-2342 [HIGH] CWE-119 CVE-2016-2342: The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a c
nvdosv
CVE-2006-2223P4MEDIUMCVSS 5.0PoCv0.98.5v0.99.32006-05-05
CVE-2006-2223 [MEDIUM] CWE-20 CVE-2006-2223: RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) dis
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.
nvdosv
CVE-2017-5495P3HIGHCVSS 7.5≤ 1.1.02017-01-24
CVE-2017-5495 [HIGH] CWE-119 CVE-2017-5495: All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the
All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication.
nvdosv
CVE-2016-1245P3CRITICALCVSS 9.8≤ 1.0.201603152017-02-22
CVE-2016-1245 [CRITICAL] CWE-119 CVE-2016-1245: It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based bu
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.
nvdosv
CVE-2018-5381P3HIGHCVSS 7.5≤ 1.2.22018-02-19
CVE-2018-5381 [HIGH] CWE-228 CVE-2018-5381: The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BG
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.
nvdosv
CVE-2011-3327P3HIGHCVSS 7.5≤ 0.99.18v0.95+36 more2011-10-10
CVE-2011-3327 [HIGH] CWE-119 CVE-2011-3327: Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity.c in bgpd in Quagga
Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity.c in bgpd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4.
nvd
CVE-2017-16227P3HIGHCVSS 7.5≤ 1.2.12017-10-29
CVE-2017-16227 [HIGH] CWE-20 CVE-2017-16227: The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.
nvdosv
CVE-2003-0795P4MEDIUMCVSS 5.0PoC≤ 0.96.3v0.95+3 more2003-12-15
CVE-2003-0795 [MEDIUM] CWE-20 CVE-2003-0795: The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotia
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.
nvd
CVE-2021-44038P3HIGHCVSS 7.8≤ 1.2.42021-11-19
CVE-2021-44038 [HIGH] CWE-59 CVE-2021-44038: An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.
nvd
CVE-2016-4049P3MEDIUMCVSS 5.5≥ 0, < 0.99.22.4-3ubuntu1.2≥ 0, < 0.99.24.1-2ubuntu1.12016-10-13
CVE-2016-4049 [MEDIUM] quagga vulnerabilities
quagga vulnerabilities
It was discovered that Quagga incorrectly handled dumping data. A remote
attacker could possibly use a large BGP packet to cause Quagga to crash,
resulting in a denial of service. (CVE-2016-4049)
It was discovered that the Quagga package incorrectly set permissions on
the configuration directory. A local user could use this issue to possibly
obtain sensitive information. (CVE-2016-4036)
osv
CVE-2010-2948P3MEDIUMCVSS 6.5≤ 0.99.16v0.95+34 more2010-09-10
CVE-2010-2948 [MEDIUM] CWE-119 CVE-2010-2948: Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Qua
Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message.
nvd
CVE-2023-41358P4HIGHCVSS 7.5≥ 0, < 0.99.24.1-2ubuntu1.4+esm1≥ 0, < 1.2.4-1ubuntu0.1~esm1+1 more2023-10-17
CVE-2023-41358 [HIGH] quagga vulnerabilities
quagga vulnerabilities
It was discovered that the Quagga BGP daemon did not properly check the
attribute length in NRLI. A remote attacker could possibly use this issue
to cause a denial of service. (CVE-2023-41358)
It was discovered that the Quagga BGP daemon did not properly manage memory
when reading initial bytes of ORF header. A remote attacker could possibly
use this issue to cause a denial of service. (CVE-2023-41360)
osv
CVE-2018-5380P4MEDIUMCVSS 4.3≤ 1.2.22018-02-19
CVE-2018-5380 [MEDIUM] CWE-125 CVE-2018-5380: The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversi
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
nvdosv
CVE-2010-1674P4MEDIUMCVSS 5.0≤ 0.99.17v0.95+35 more2011-03-29
CVE-2010-1674 [MEDIUM] CVE-2010-1674: The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a de
The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute.
nvd
CVE-2012-5521P4MEDIUMCVSS 6.5v0.99.212019-11-25
CVE-2012-5521 [MEDIUM] CWE-617 CVE-2012-5521: quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal
quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal
nvd
CVE-2011-3323P4MEDIUMCVSS 5.0≤ 0.99.18v0.95+36 more2011-10-10
CVE-2011-3323 [MEDIUM] CWE-119 CVE-2011-3323: The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a deni
The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length.
nvd
CVE-2011-3325P4MEDIUMCVSS 5.0≤ 0.99.18v0.95+36 more2011-10-10
CVE-2011-3325 [MEDIUM] CWE-399 CVE-2011-3325: ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service
ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via (1) a 0x0a type field in an IPv4 packet header or (2) a truncated IPv4 Hello packet.
nvd
1 / 2Next →