CVE-2016-4049
Summary
| CVE | CVE-2016-4049 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2016-05-23 19:59:00 UTC |
|---|
| Updated | 2018-10-30 16:27:00 UTC |
|---|
| Description | The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| openSUSE-SU-2016:1313-1: moderate: Security update for quagga |
SUSE |
lists.opensuse.org |
|
| Quagga Routing Software Suite CVE-2016-4049 Denial Of Service Vulnerability |
BID |
www.securityfocus.com |
|
| [quagga-dev 14619] SIGABRT while dumping BGP routes (bgpd) |
MLIST |
lists.quagga.net |
|
| oss-security - CVE-2016-4049: Denial of Service Vulnerability in Quagga BGP Routing
Daemon (bgpd) |
MLIST |
www.openwall.com |
|
| [quagga-dev 14663] Re: SIGABRT while dumping BGP routes (bgpd) |
MLIST |
lists.quagga.net |
|
| Debian -- Security Information -- DSA-3654-1 quagga |
DEBIAN |
www.debian.org |
|
| Quagga: Multiple vulnerabilities (GLSA 201701-48) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| Quagga bgpd bgp_dump_routes_func() Lets Remote Users Cause the Target Service to Crash - SecurityTracker |
SECTRACK |
www.securitytracker.com |
|
| Red Hat Customer Portal |
REDHAT |
rhn.redhat.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 710430 Gentoo Linux Quagga Multiple Vulnerabilities (GLSA 201701-48)
