Quagga : Security Vulnerabilities, CVEs, (Memory corruption)
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.
Max CVSS
9.8
EPSS Score
5.61%
Published
2018-02-19
Updated
2019-10-09
bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message.
Max CVSS
5.0
EPSS Score
18.19%
Published
2010-09-10
Updated
2023-02-13
The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute.
Max CVSS
5.0
EPSS Score
16.88%
Published
2011-03-29
Updated
2018-01-06
bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled.
Max CVSS
3.5
EPSS Score
0.39%
Published
2007-09-12
Updated
2017-07-29
4 vulnerabilities found