54 matches found
SUSE CVE-2012-1820
The bgpcapabilityorf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service assertion failure and daemon exit by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering ORF capability TLV in an OPEN message...
SUSE CVE-2018-5381
The Quagga BGP daemon bgpd prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgppacket.c:bgpcapabilitymsgparse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI,...
USN-4032-1 firefox vulnerability
It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined with another vulnerability, an attacker could potentially exploit this to execute arbitrary code...
CVE-2018-5381
The Quagga BGP daemon bgpd prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgppacket.c:bgpcapabilitymsgparse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI,...
FreeBSD : quagga -- several security issues (e15a22ce-f16f-446b-9ca7-6859350c2e75)
Quagga reports : The Quagga BGP daemon, bgpd, does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or it may crash. The Quagga BGP daemon, bgpd, can double-free memo...
UBUNTU-CVE-2018-5381
The Quagga BGP daemon bgpd prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgppacket.c:bgpcapabilitymsgparse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI,...
CVE-2017-2314
The CVE-2017-2314 issue affects Juniper Junos OS, specifically the routing protocol daemon (rpd). It is triggered by receiving a malformed BGP OPEN message, which can cause rpd to crash and restart, resulting in a denial of service. Affected Junos releases include 12.3 (before 12.3R12-S4, 12.3R13...
Juniper Networks Junos OS RPD DoS Vulnerability
Junos OS is prone to a denial of service vulnerability in RPD due to malformed BGP OPEN message. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...
Amazon Linux AMI : quagga (ALAS-2012-90)
The bgpcapabilityorf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service assertion failure and daemon exit by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering ORF capability TLV in an OPEN message. C Tenable...
(bgpd): Assertion failure by processing malformed AS4 capability in BGP OPEN message
The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service assertion failure and daemon exit via a message associated with a malformed Four-octet AS Number Capability aka AS4...
(bgpd): Assertion failure by processing BGP OPEN message with malformed ORF capability TLV (VU#962587)
The bgpcapabilityorf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service assertion failure and daemon exit by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering ORF capability TLV in an OPEN message...
Quagga < 0.99.9 BGPD Multiple Denial of Service Vulnerabilities
According to its self-reported version number, the installation of Quagga's BGP daemon listening on the remote host is affected by multiple denial of service vulnerabilities : - A denial of service vulnerability can be triggered by a malformed OPEN message from an explicitly configured BGP peer. ...
quagga bgpd DoS
bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service crash via a malformed 1 OPEN message or 2 a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled...
CVE-2007-4826
bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service crash via a malformed 1 OPEN message or 2 a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled...