Known Vulnerabilities for products from Quagga
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Quagga".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-44038 | An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with c... | 7.8 - HIGH | 2021-11-19 | 2022-07-12 |
| CVE-2018-5381 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the b... | 7.5 - HIGH | 2018-02-19 | 2019-10-09 |
| CVE-2018-5380 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug ... | 4.3 - MEDIUM | 2018-02-19 | 2019-10-09 |
| CVE-2018-5379 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, c... | 9.8 - CRITICAL | 2018-02-19 | 2019-10-09 |
| CVE-2018-5378 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if ... | 5.9 - MEDIUM | 2018-02-19 | 2019-10-09 |
| CVE-2017-16227 | The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (ses... | 7.5 - HIGH | 2017-10-29 | 2017-11-18 |
| CVE-2017-5495 | All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading... | 7.5 - HIGH | 2017-01-24 | 2018-01-05 |
| CVE-2017-3224 | Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for ... | 8.2 - HIGH | 2018-07-24 | 2019-10-09 |
| CVE-2016-4049 | The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might al... | 7.5 - HIGH | 2016-05-23 | 2018-10-30 |
| CVE-2016-2342 | The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a cer... | 8.1 - HIGH | 2016-03-17 | 2018-01-05 |
| CVE-2016-1245 | It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when proces... | 9.8 - CRITICAL | 2017-02-22 | 2018-01-05 |
| CVE-2013-6051 | The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows r... | Not Provided | 2013-12-14 | 2026-04-29 |
| CVE-2013-2236 | Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.... | Not Provided | 2013-10-24 | 2026-04-29 |
| CVE-2012-5521 | quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal | 6.5 - MEDIUM | 2019-11-25 | 2020-08-18 |
| CVE-2012-1820 | The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service ... | Not Provided | 2012-06-13 | 2026-04-29 |
| CVE-2012-0255 | The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allo... | Not Provided | 2012-04-05 | 2026-04-29 |
| CVE-2012-0250 | Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of... | Not Provided | 2012-04-05 | 2026-04-29 |
| CVE-2012-0249 | Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before ... | Not Provided | 2012-04-05 | 2026-04-29 |
| CVE-2011-3327 | Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity.c in bgpd in Quagga before 0.99.19 allows re... | Not Provided | 2011-10-10 | 2026-04-29 |
| CVE-2011-3326 | The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of servic... | Not Provided | 2011-10-10 | 2026-04-29 |
Known software with vulnerabilities from Quagga
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Quagga | Quagga | - |