Filtered by vendor Quagga
Subscribe
Total
36 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-2948 | 1 Quagga | 1 Quagga | 2024-02-04 | 6.5 MEDIUM | N/A |
Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message. | |||||
CVE-2010-1674 | 1 Quagga | 1 Quagga | 2024-02-04 | 5.0 MEDIUM | N/A |
The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute. | |||||
CVE-2010-1675 | 1 Quagga | 1 Quagga | 2024-02-04 | 5.0 MEDIUM | N/A |
bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute. | |||||
CVE-2011-3323 | 1 Quagga | 1 Quagga | 2024-02-04 | 5.0 MEDIUM | N/A |
The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length. | |||||
CVE-2010-2949 | 1 Quagga | 1 Quagga | 2024-02-04 | 5.0 MEDIUM | N/A |
bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message. | |||||
CVE-2011-3324 | 1 Quagga | 1 Quagga | 2024-02-04 | 5.0 MEDIUM | N/A |
The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database Description message. | |||||
CVE-2011-3326 | 1 Quagga | 1 Quagga | 2024-02-04 | 5.0 MEDIUM | N/A |
The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via an invalid Link State Advertisement (LSA) type in an IPv4 Link State Update message. | |||||
CVE-2009-1572 | 1 Quagga | 1 Quagga | 2024-02-04 | 5.0 MEDIUM | N/A |
The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error. | |||||
CVE-2007-4826 | 1 Quagga | 1 Quagga | 2024-02-04 | 3.5 LOW | N/A |
bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled. | |||||
CVE-2007-1995 | 1 Quagga | 1 Quagga | 2024-02-04 | 6.3 MEDIUM | N/A |
bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read. | |||||
CVE-2006-2224 | 1 Quagga | 1 Quagga Routing Software Suite | 2024-02-04 | 5.0 MEDIUM | N/A |
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets. | |||||
CVE-2006-2223 | 1 Quagga | 1 Quagga | 2024-02-04 | 5.0 MEDIUM | N/A |
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE. | |||||
CVE-2006-2276 | 1 Quagga | 1 Quagga | 2024-02-04 | 4.9 MEDIUM | N/A |
bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface. | |||||
CVE-2003-0858 | 2 Gnu, Quagga | 2 Zebra, Quagga Routing Software Suite | 2024-02-04 | 2.1 LOW | N/A |
Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. | |||||
CVE-2003-0795 | 3 Gnu, Quagga, Sgi | 3 Zebra, Quagga, Propack | 2024-02-04 | 5.0 MEDIUM | N/A |
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference. | |||||
CVE-2003-0859 | 5 Gnu, Intel, Quagga and 2 more | 7 Glibc, Zebra, Ia64 and 4 more | 2024-02-04 | 4.9 MEDIUM | N/A |
The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. |