Quagga Routing Software Suite 1.2.2

CPE Details

Quagga Routing Software Suite 1.2.2
quagga
quagga
1.2.2
2019-09-26
11h26 +00:00
2019-09-26
11h26 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:quagga:quagga:1.2.2:*:*:*:*:*:*:*

Informations

Vendor

quagga

Product

quagga

Version

1.2.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-44038 2021-11-19 17h29 +00:00 An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.
7.8
High
CVE-2018-5378 2018-02-19 13h00 +00:00 The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.
7.1
High
CVE-2018-5379 2018-02-19 13h00 +00:00 The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.
9.8
Critical
CVE-2018-5380 2018-02-19 13h00 +00:00 The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
4.3
Medium
CVE-2018-5381 2018-02-19 13h00 +00:00 The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.
7.5
High