Skip to main content

Quagga

16 CVEs product

Monthly

CVE-2021-44038 HIGH POC This Week

An issue was discovered in Quagga through 1.2.4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Quagga
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2018-5381 HIGH This Week

The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Quagga Ubuntu Linux Debian Linux Ruggedcom Rox Ii Firmware
NVD
CVSS 3.0
7.5
EPSS
30.7%
CVE-2018-5380 MEDIUM This Month

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Quagga Debian Linux Ubuntu Linux +1
NVD
CVSS 3.0
4.3
EPSS
15.1%
CVE-2018-5379 CRITICAL Act Now

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Quagga Debian Linux Ubuntu Linux +6
NVD
CVSS 3.0
9.8
EPSS
39.0%
CVE-2018-5378 MEDIUM This Month

The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Quagga Debian Linux Ubuntu Linux
NVD
CVSS 3.0
5.9
EPSS
74.6%
CVE-2017-16227 HIGH PATCH This Week

The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Quagga Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2016-1245 CRITICAL PATCH Act Now

It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Quagga Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-5495 HIGH PATCH This Week

All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Quagga
NVD GitHub VulDB
CVSS 3.0
7.5
EPSS
3.6%
CVE-2016-4049 HIGH This Week

The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Quagga Leap Opensuse
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2016-2342 HIGH Act Now

The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 20.4% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Quagga Debian Linux
NVD
CVSS 3.0
8.1
EPSS
20.4%
CVE-2013-6051 MEDIUM This Month

The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Quagga
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-2236 LOW Monitor

Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used,. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Quagga
NVD
CVSS 2.0
2.6
EPSS
1.0%
CVE-2012-1820 LOW Monitor

The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering. Rated low severity (CVSS 2.9). No vendor patch available.

Denial Of Service Quagga
NVD
CVSS 2.0
2.9
EPSS
0.2%
CVE-2012-0255 MEDIUM This Month

The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Quagga
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2012-0250 LOW Monitor

Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Quagga
NVD
CVSS 2.0
3.3
EPSS
0.3%
CVE-2012-0249 LOW POC PATCH Monitor

Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Quagga
NVD
CVSS 2.0
3.3
EPSS
0.5%
EPSS 1% CVSS 7.8
HIGH POC This Week

An issue was discovered in Quagga through 1.2.4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Quagga
NVD GitHub
EPSS 31% CVSS 7.5
HIGH This Week

The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Quagga Ubuntu Linux +2
NVD
EPSS 15% CVSS 4.3
MEDIUM This Month

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Quagga +3
NVD
EPSS 39% CVSS 9.8
CRITICAL Act Now

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Quagga +8
NVD
EPSS 75% CVSS 5.9
MEDIUM This Month

The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Quagga Debian Linux +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Quagga Debian Linux
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Quagga Debian Linux
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Quagga
NVD GitHub VulDB
EPSS 2% CVSS 7.5
HIGH This Week

The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Quagga Leap +1
NVD
EPSS 20% CVSS 8.1
HIGH Act Now

The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 20.4% and no vendor patch available.

Denial Of Service RCE Buffer Overflow +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Quagga
NVD
EPSS 1% CVSS 2.6
LOW Monitor

Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used,. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Quagga
NVD
EPSS 0% CVSS 2.9
LOW Monitor

The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering. Rated low severity (CVSS 2.9). No vendor patch available.

Denial Of Service Quagga
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Quagga
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Quagga
NVD
EPSS 1% CVSS 3.3
LOW POC PATCH Monitor

Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Quagga
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy