144 matches found
SUSE CVE-2017-16227
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message...
CVE-2022-3094 An UPDATE message flood may cause named to exhaust all available memory
Sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This, in turn, may cause named to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is...
Race condition
A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the incorrect processing of a BGP update messa...
CVE-2022-20758 Cisco IOS XR Software Border Gateway Protocol Ethernet VPN Denial of Service Vulnerability
A vulnerability in the implementation of the Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the incorrect processing of a BGP update messa...
Input validation
An Improper Validation of Specified Quantity in Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause an rpd crash and thereby a Denial of Service (DoS). If a BGP update message is received over an established BGP...
Fake Software Update Webpage
A misleading web page, disguised as an update message, is used to trick a user into installing malware, leading to loss of data, or allowing the attacker to run arbitrary code on the infected machine...
CVE-2020-3397
A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete...
Design/Logic Flaw
A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly reset, causing a partial denial of service (DoS) condition due to the BGP session being down. The...
Cisco NX-OS Denial of Service Vulnerability (CNVD-2020-50555)
Cisco NX-OS Software is a set of data center-grade operating system software for switches from Cisco. TCP (Transmission Control Protocol) is a connection-oriented, reliable, byte-stream-based transport layer communication protocol defined by IETF RFC 793. A security vulnerability exists in the...
Arista Networks Rib agent DoS (SA0033)
The version of Arista Networks EOS running on the remote device is affected by a denial of service (DoS) vulnerability. The switch's Rib agent may restart if a malicious BGP peer sends a malformed path attribute in an UPDATE message, resulting in a DoS condition. Note that Nessus has not tested for...
Cisco NX-OS Software Border Gateway Protocol Denial of Service Vulnerability
A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP update...
CVE-2018-5254
Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message...
EulerOS 2.0 SP2 : quagga (EulerOS-SA-2018-1065)
According to the versions of the quagga package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A double-free vulnerability was found in Quagga. A BGP peer could send a specially crafted UPDATE message which would cause allocated blocks of...
CentOS Update for quagga CESA-2018:0377 centos7
Check the version of quagga. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882853");...
Important: quagga
Issue Overview: Infinite loop issue triggered by invalid OPEN message allows denial-of-service. An infinite loop vulnerability was discovered in Quagga. A BGP peer could send specially crafted packets that would cause the daemon to enter an infinite loop, denying service and consuming CPU until it...
CVE-2018-5379
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code...
FreeBSD : quagga -- several security issues (e15a22ce-f16f-446b-9ca7-6859350c2e75)
Quagga reports : The Quagga BGP daemon, bgpd, does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or it may crash. The Quagga BGP daemon, bgpd, can double-free memo...