Quagga : Security Vulnerabilities, CVEs, Published In 2010
bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message.
Max CVSS
5.0
EPSS Score
18.19%
Published
2010-09-10
Updated
2023-02-13
Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message.
Max CVSS
6.5
EPSS Score
5.62%
Published
2010-09-10
Updated
2023-02-13
2 vulnerabilities found