Filtered by vendor Quagga
Subscribe
Total
36 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0249 | 1 Quagga | 1 Quagga | 2026-04-29 | 3.3 LOW | N/A |
| Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header. | |||||
| CVE-2013-6051 | 1 Quagga | 1 Quagga | 2026-04-29 | 4.3 MEDIUM | N/A |
| The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update. | |||||
| CVE-2011-3327 | 1 Quagga | 1 Quagga | 2026-04-29 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ecommunity.c in bgpd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted BGP UPDATE message over IPv4. | |||||
| CVE-2010-1674 | 1 Quagga | 1 Quagga | 2026-04-29 | 5.0 MEDIUM | N/A |
| The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute. | |||||
| CVE-2012-1820 | 1 Quagga | 1 Quagga | 2026-04-29 | 2.9 LOW | N/A |
| The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message. | |||||
| CVE-2010-1675 | 1 Quagga | 1 Quagga | 2026-04-29 | 5.0 MEDIUM | N/A |
| bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed AS_PATHLIMIT path attribute. | |||||
| CVE-2010-2949 | 1 Quagga | 1 Quagga | 2026-04-29 | 5.0 MEDIUM | N/A |
| bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message. | |||||
| CVE-2012-0250 | 1 Quagga | 1 Quagga | 2026-04-29 | 3.3 LOW | N/A |
| Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field. | |||||
| CVE-2011-3325 | 1 Quagga | 1 Quagga | 2026-04-29 | 5.0 MEDIUM | N/A |
| ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via (1) a 0x0a type field in an IPv4 packet header or (2) a truncated IPv4 Hello packet. | |||||
| CVE-2011-3323 | 1 Quagga | 1 Quagga | 2026-04-29 | 5.0 MEDIUM | N/A |
| The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (out-of-bounds memory access and daemon crash) via a Link State Update message with an invalid IPv6 prefix length. | |||||
| CVE-2013-2236 | 1 Quagga | 1 Quagga | 2026-04-29 | 2.6 LOW | N/A |
| Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) via a large LSA. | |||||
| CVE-2012-0255 | 1 Quagga | 1 Quagga | 2026-04-29 | 5.0 MEDIUM | N/A |
| The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability). | |||||
| CVE-2011-3326 | 1 Quagga | 1 Quagga | 2026-04-29 | 5.0 MEDIUM | N/A |
| The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99.19 allows remote attackers to cause a denial of service (daemon crash) via an invalid Link State Advertisement (LSA) type in an IPv4 Link State Update message. | |||||
| CVE-2010-2948 | 1 Quagga | 1 Quagga | 2026-04-29 | 6.5 MEDIUM | N/A |
| Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message. | |||||
| CVE-2011-3324 | 1 Quagga | 1 Quagga | 2026-04-29 | 5.0 MEDIUM | N/A |
| The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via trailing zero values in the Link State Advertisement (LSA) header list of an IPv6 Database Description message. | |||||
| CVE-2007-4826 | 1 Quagga | 1 Quagga | 2026-04-23 | 3.5 LOW | N/A |
| bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled. | |||||
| CVE-2009-1572 | 1 Quagga | 1 Quagga | 2026-04-23 | 5.0 MEDIUM | N/A |
| The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error. | |||||
| CVE-2007-1995 | 1 Quagga | 1 Quagga | 2026-04-23 | 6.3 MEDIUM | N/A |
| bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read. | |||||
| CVE-2006-2276 | 1 Quagga | 1 Quagga | 2026-04-16 | 4.9 MEDIUM | N/A |
| bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface. | |||||
| CVE-2003-0858 | 2 Gnu, Quagga | 2 Zebra, Quagga Routing Software Suite | 2026-04-16 | 2.1 LOW | N/A |
| Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. | |||||