CPE Details
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:quagga:quagga:1.1.1:*:*:*:*:*:*:*
Informations
Vendor
quaggaProduct
quaggaVersion
1.1.1Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update. | 7.8 |
High |
||
| The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash. | 7.1 |
High |
||
| The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code. | 9.8 |
Critical |
||
| The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. | 4.3 |
Medium |
||
| The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service. | 7.5 |
High |
||
| The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message. | 7.5 |
High |
2025©
tesweb SA
