Quagga

Quagga

33 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2011-3325

  • EPSS 9.18%
  • Veröffentlicht 10.10.2011 10:55:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via (1) a 0x0a type field in an IPv4 packet header or (2) a truncated IPv4 Hello packet.

5

CVE-2011-3324

  • EPSS 8.01%
  • Veröffentlicht 10.10.2011 10:55:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Adver...

5

CVE-2011-3323

  • EPSS 8.01%
  • Veröffentlicht 10.10.2011 10:55:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length.

5

CVE-2010-1675

  • EPSS 3.78%
  • Veröffentlicht 29.03.2011 18:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute.

5

CVE-2010-1674

  • EPSS 3.72%
  • Veröffentlicht 29.03.2011 18:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute.

5

CVE-2010-2949

  • EPSS 4.64%
  • Veröffentlicht 10.09.2010 19:00:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message.

6.5

CVE-2010-2948

  • EPSS 7%
  • Veröffentlicht 10.09.2010 19:00:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Ou...

5

CVE-2009-1572

Exploit
  • EPSS 11.18%
  • Veröffentlicht 06.05.2009 17:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.

3.5

CVE-2007-4826

  • EPSS 1.44%
  • Veröffentlicht 12.09.2007 10:17:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debuggi...

6.3

CVE-2007-1995

  • EPSS 1.1%
  • Veröffentlicht 12.04.2007 10:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit)...