Known Vulnerabilities for products from Quagga
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Quagga".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2018-5381 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the b... | 7.5 - HIGH | 2018-02-19 | 2019-10-09 |
| CVE-2018-5380 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug ... | 4.3 - MEDIUM | 2018-02-19 | 2019-10-09 |
| CVE-2018-5379 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, c... | 9.8 - CRITICAL | 2018-02-19 | 2019-10-09 |
| CVE-2018-5378 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if ... | 5.9 - MEDIUM | 2018-02-19 | 2019-10-09 |
| CVE-2017-16227 | The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (ses... | 7.5 - HIGH | 2017-10-29 | 2017-11-18 |
| CVE-2017-5495 | All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading... | 7.5 - HIGH | 2017-01-24 | 2018-01-05 |
| CVE-2017-3224 | Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for ... | 8.2 - HIGH | 2018-07-24 | 2019-10-09 |
| CVE-2016-4049 | The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might al... | 7.5 - HIGH | 2016-05-23 | 2018-10-30 |
| CVE-2016-2342 | The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a cer... | 8.1 - HIGH | 2016-03-17 | 2018-01-05 |
| CVE-2016-1245 | It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when proces... | 9.8 - CRITICAL | 2017-02-22 | 2018-01-05 |
| CVE-2013-6051 | The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows r... | 4.3 - MEDIUM | 2013-12-14 | 2023-11-07 |
| CVE-2013-2236 | Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.... | 2.6 - LOW | 2013-10-24 | 2023-11-07 |
| CVE-2012-5521 | quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal | 6.5 - MEDIUM | 2019-11-25 | 2020-08-18 |
| CVE-2012-1820 | The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service ... | 2.9 - LOW | 2012-06-13 | 2013-03-02 |
| CVE-2012-0255 | The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allo... | 5 - MEDIUM | 2012-04-05 | 2018-01-18 |
| CVE-2012-0250 | Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of... | 3.3 - LOW | 2012-04-05 | 2018-01-18 |
| CVE-2012-0249 | Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before ... | 3.3 - LOW | 2012-04-05 | 2018-01-18 |
| CVE-2011-3327 | Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity.c in bgpd in Quagga before 0.99.19 allows re... | 7.5 - HIGH | 2011-10-10 | 2023-11-07 |
| CVE-2011-3326 | The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of servic... | 5 - MEDIUM | 2011-10-10 | 2023-11-07 |
| CVE-2011-3325 | ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via (1) a... | 5 - MEDIUM | 2011-10-10 | 2023-11-07 |
Known software with vulnerabilities from Quagga
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Quagga | Quagga | - |