CVE-2016-2342

EPSS 20.44%
Veröffentlicht 17.03.2016 14:59:01
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cret@cert.org
Teams Watchlist Login
Unerledigt Login

The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Quagga ≫ Quagga Version0.99.24

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	20.44%	0.95

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.6	4.9	10	AV:N/AC:H/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://rhn.redhat.com/errata/RHSA-2017-0794.html

http://www.ubuntu.com/usn/USN-2941-1

http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442

http://lists.opensuse.org/opensuse-updates/2016-03/msg00102.html

http://lists.opensuse.org/opensuse-updates/2016-03/msg00117.html

http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt

http://www.debian.org/security/2016/dsa-3532

http://www.kb.cert.org/vuls/id/270232

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/84318

https://security.gentoo.org/glsa/201610-03

https://nvd.nist.gov/vuln/detail/CVE-2016-2342

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-2342

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-2342

EUVD