Vulnerability Details : CVE-2016-1245
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.
Vulnerability category: Overflow
Products affected by CVE-2016-1245
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*
Threat overview for CVE-2016-1245
Top countries where our scanners detected CVE-2016-1245
Top open port discovered on systems with this issue
2601
IPs affected by CVE-2016-1245 49,768
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-1245!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-1245
2.35%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-1245
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2016-1245
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1245
-
http://rhn.redhat.com/errata/RHSA-2017-0794.html
RHSA-2017:0794 - Security Advisory - Red Hat Customer Portal
-
https://security.gentoo.org/glsa/201701-48
Quagga: Multiple vulnerabilities (GLSA 201701-48) — Gentoo security
-
https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546
zebra: stack overrun in IPv6 RA receive code (CVE-2016-1245) · Quagga/quagga@cfb1fae · GitHubPatch;Third Party Advisory
-
http://www.securityfocus.com/bid/93775
Quagga CVE-2016-1245 Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
-
http://www.gossamer-threads.com/lists/quagga/users/31952
Mailing List Archive: Quagga CVE Released: CVE-2016-1245 (Fix in latest 1.0.20161017 release)Mailing List;Mitigation;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1386109
1386109 – (CVE-2016-1245) CVE-2016-1245 quagga: Buffer Overflow in IPv6 RA handlingIssue Tracking;Third Party Advisory
-
https://www.debian.org/security/2016/dsa-3695
Debian -- Security Information -- DSA-3695-1 quaggaThird Party Advisory
Jump to