Search CVE reports


Toggle filters

21 – 30 of 56 results


CVE-2021-44038

Low priority
Vulnerable

An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package...

1 affected package

quagga

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
quagga Not in release Not in release Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2012-5521

Low priority
Vulnerable

quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal

1 affected package

quagga

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
quagga Not in release Not in release Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2017-3224

Low priority
Vulnerable

Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA,...

1 affected package

quagga

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
quagga Not in release Not in release Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2018-5381

Medium priority
Fixed

The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid...

1 affected package

quagga

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
quagga Fixed
Show less packages

CVE-2018-5380

Low priority
Fixed

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.

1 affected package

quagga

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
quagga Fixed
Show less packages

CVE-2018-5379

Medium priority
Fixed

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or...

1 affected package

quagga

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
quagga Fixed
Show less packages

CVE-2018-5378

Medium priority
Fixed

The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a...

1 affected package

quagga

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
quagga Not affected
Show less packages

CVE-2017-16227

Medium priority
Fixed

The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes...

1 affected package

quagga

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
quagga Fixed
Show less packages

CVE-2017-5495

Low priority

Some fixes available 2 of 4

All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured...

1 affected package

quagga

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
quagga Fixed
Show less packages

CVE-2016-1245

Medium priority
Fixed

It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a...

1 affected package

quagga

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
quagga Fixed
Show less packages