Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:SUSE-SU-2024:3426-1
HistorySep 24, 2024 - 4:42 p.m.

Security update for quagga

2024-09-2416:42:36
Google
osv.dev
quagga
security update
cve-2017-15865
cve-2024-44070
cve-2022-37032
bgp
crash
tunnel encap
out-of-bounds read
bug fix

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

6.5

Confidence

Low

JSON

This update for quagga fixes the following issues:

  • CVE-2017-15865: sensitive information disclosed when malformed BGP UPDATE packets are processed. (bsc#1230866)
  • CVE-2024-44070: crash when parsing Tunnel Encap attribute due to no length check. (bsc#1229438)
  • CVE-2022-37032: out-of-bounds read when parsing a BGP capability message due to incorrect size check. (bsc#1202023)

Bug fixes:

  • References to /var/adm/fillup-templates replaced with new %_fillupdir macro. (bsc#1069468)

Related

openvas 31
nessus 50
gentoo 1
debian 5
cert 1
f5 1
freebsd 3
fedora 4
ubuntu 3
mageia 1
osv 19
suse 5
ics 1
amazon 1
rosalinux 1
debiancve 7
prion 6
nvd 11
cvelist 7
cve 10
cbl_mariner 2
vulnrichment 1
redhatcve 6
redos 2
ubuntucve 6
veracode 2
oraclelinux 3
almalinux 2
redhat 3
checkpoint_advisories 3
centos 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:3426-1)
2024-09-25 00:00:00
Fedora Update for quagga FEDORA-2018-b3e985489b
2018-03-14 00:00:00
Debian: Security Advisory (DSA-4115-1)
2018-02-14 00:00:00
nessus
nessus
SUSE SLES12 Security Update : quagga (SUSE-SU-2024:3426-1)
2024-09-25 00:00:00
Fedora 26 : quagga (2018-b3e985489b)
2018-03-07 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : Quagga vulnerabilities (USN-3573-1)
2018-02-16 00:00:00
gentoo
gentoo
Quagga: Multiple vulnerabilities
2018-04-22 00:00:00
debian
debian
[SECURITY] [DSA 4115-1] quagga security update
2018-02-15 22:25:18
[SECURITY] [DSA 4115-1] quagga security update
2018-02-15 22:25:18
[SECURITY] [DLA 1286-1] quagga security update
2018-02-16 22:32:14
cert
cert
Quagga bgpd is affected by multiple vulnerabilities
2018-02-15 00:00:00
f5
f5
K62789814 : Quagga bgpd vulnerabilities CVE-2018-5378, CVE-2018-5379, CVE-2018-5380, and CVE-2018-5381
2018-02-23 00:00:00
freebsd
freebsd
quagga -- several security issues
2018-01-31 00:00:00
frr -- BGP Mishandled attribute length on Error
2017-11-08 00:00:00
frr - BGP
2024-08-19 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: quagga-1.2.2-2.fc27
2018-03-06 17:35:18
[SECURITY] Fedora 26 Update: quagga-1.2.2-2.fc26
2018-03-06 17:34:22
[SECURITY] Fedora 39 Update: frr-8.5.5-2.fc39
2024-09-20 00:44:01
ubuntu
ubuntu
Quagga vulnerabilities
2018-02-16 00:00:00
FRR vulnerabilities
2022-10-18 00:00:00
Quagga vulnerabilities
2023-11-15 00:00:00
mageia
mageia
Updated quagga packages fix security vulnerability
2018-02-22 22:49:44
osv
osv
quagga - security update
2018-02-15 00:00:00
quagga - security update
2018-02-16 00:00:00
CVE-2017-15865
2017-11-08 20:29:00
suse
suse
Security update for quagga (important)
2018-02-16 06:10:08
Security update for quagga (important)
2018-02-19 15:13:50
Security update for quagga (important)
2018-02-16 06:08:44
ics
ics
Siemens RUGGEDCOM ROX II
2019-04-09 12:00:00
amazon
amazon
Important: quagga
2018-02-20 21:26:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1960
2021-07-02 18:04:24
debiancve
debiancve
CVE-2017-15865
2017-11-08 20:29:00
CVE-2024-44070
2024-08-19 02:15:04
CVE-2022-37032
2022-09-19 22:15:11
prion
prion
Design/Logic Flaw
2017-11-08 20:29:00
Design/Logic Flaw
2022-09-19 22:15:00
Double free
2018-02-19 13:29:00
nvd
nvd
CVE-2017-15865
2017-11-08 20:29:00
CVE-2024-44070
2024-08-19 02:15:04
CVE-2022-37032
2022-09-19 22:15:11
cvelist
cvelist
CVE-2017-15865
2017-11-08 20:00:00
CVE-2024-44070
2024-08-19 00:00:00
CVE-2018-5381
2018-02-19 13:00:00
cve
cve
CVE-2017-15865
2017-11-08 20:29:00
CVE-2024-44070
2024-08-19 02:15:04
CVE-2018-5381
2018-02-19 13:29:00
cbl_mariner
cbl_mariner
CVE-2024-44070 affecting package frr for versions less than 9.1.1-2
2024-08-25 15:13:42
CVE-2024-44070 affecting package frr for versions less than 8.5.5-2
2024-08-26 16:33:47
vulnrichment
vulnrichment
CVE-2024-44070
2024-08-19 00:00:00
redhatcve
redhatcve
CVE-2024-44070
2024-08-19 06:14:11
CVE-2022-37032
2022-09-21 13:19:14
CVE-2018-5379
2018-02-16 00:48:51
redos
redos
ROS-20240905-01
2024-09-05 00:00:00
ROS-20240607-01
2024-06-07 00:00:00
ubuntucve
ubuntucve
CVE-2022-37032
2022-09-19 00:00:00
CVE-2024-44070
2024-08-19 00:00:00
CVE-2018-5381
2018-02-13 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-10-12 10:37:48
Incorrect Input Validation
2024-08-26 08:37:33
oraclelinux
oraclelinux
frr security, bug fix, and enhancement update
2023-05-15 00:00:00
frr security and bug fix update
2023-05-24 00:00:00
quagga security update
2018-02-28 00:00:00
almalinux
almalinux
Moderate: frr security and bug fix update
2023-05-16 00:00:00
Moderate: frr security, bug fix, and enhancement update
2023-05-09 00:00:00
redhat
redhat
(RHSA-2023:2202) Moderate: frr security, bug fix, and enhancement update
2023-05-09 05:03:17
(RHSA-2023:2801) Moderate: frr security and bug fix update
2023-05-16 05:55:03
(RHSA-2018:0377) Important: quagga security update
2018-02-28 16:24:10
checkpoint_advisories
checkpoint_advisories
Quagga BGP Daemon bgp_update_receive Double Free (CVE-2018-5379)
2019-02-18 00:00:00
Quagga BGP Daemon bgp_capability_msg_parse Denial-of-Service (CVE-2018-5381)
2019-02-17 00:00:00
Quagga BGP Daemon Notify Attribute Out of Bounds Read (CVE-2018-5378)
2019-02-21 00:00:00
centos
centos
quagga security update
2018-03-10 11:52:43

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

6.5

Confidence

Low

JSON
Related for OSV:SUSE-SU-2024:3426-1
openvas31nessus50gentoo1debian5cert1f51freebsd3fedora4ubuntu3mageia1osv19suse5ics1amazon1rosalinux1debiancve7prion6nvd11cvelist7cve10cbl_mariner2vulnrichment1redhatcve6redos2ubuntucve6veracode2oraclelinux3almalinux2redhat3checkpoint_advisories3centos1