Quagga Security Vulnerabilities and Issues — Quagga CVE List

Lucene search

QuaggaQuagga

11 matches found

CVE•added 2011/10/10 10:55 a.m.•74 views

CVE-2011-3324

The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database De...

5CVSS8.8AI score0.0801EPSS

CVE•added 2010/09/10 7:0 p.m.•73 views

CVE-2010-2949

bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message.

5CVSS6.3AI score0.04638EPSS

CVE•added 2012/04/05 1:25 p.m.•73 views

CVE-2012-0255

The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capabi...

5CVSS6AI score0.01037EPSS

CVE•added 2011/10/10 10:55 a.m.•71 views

CVE-2011-3323

The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length.

5CVSS8.8AI score0.0801EPSS

CVE•added 2011/03/29 6:55 p.m.•66 views

CVE-2010-1674

The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute.

5CVSS6.2AI score0.0372EPSS

CVE•added 2011/03/29 6:55 p.m.•62 views

CVE-2010-1675

bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute.

5CVSS6.2AI score0.03779EPSS

CVE•added 2011/10/10 10:55 a.m.•60 views

CVE-2011-3326

The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via an invalid Link State Advertisement (LSA) type in an IPv4 Link State Update message.

5CVSS8.8AI score0.07568EPSS

CVE•added 2011/10/10 10:55 a.m.•59 views

CVE-2011-3325

ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via (1) a 0x0a type field in an IPv4 packet header or (2) a truncated IPv4 Hello packet.

5CVSS8.9AI score0.09183EPSS

CVE•added 2009/05/06 5:30 p.m.•50 views

CVE-2009-1572

The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.

5CVSS7.1AI score0.11175EPSS

CVE•added 2003/12/15 5:0 a.m.•40 views

CVE-2003-0795

The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null ...

5CVSS6.2AI score0.08008EPSS

CVE•added 2006/05/05 7:2 p.m.•40 views

CVE-2006-2223

RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.

5CVSS5.9AI score0.13585EPSS