Bugs fixes in "quagga"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2023-46753 | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one wi | 2023-11-15 |
| CVE | CVE-2022-37032 | An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capabi | 2023-11-15 |
| CVE | CVE-2023-46753 | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one wi | 2023-11-15 |
| CVE | CVE-2022-37032 | An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capabi | 2023-11-15 |
| CVE | CVE-2023-41360 | An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. | 2023-10-17 |
| CVE | CVE-2023-41358 | An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero. | 2023-10-17 |
| CVE | CVE-2023-41360 | An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. | 2023-10-17 |
| CVE | CVE-2023-41358 | An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero. | 2023-10-17 |
| CVE | CVE-2017-16227 | The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDAT | 2017-10-31 |
| CVE | CVE-2017-5495 | All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service | 2017-10-31 |
| CVE | CVE-2017-16227 | The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDAT | 2017-10-31 |
| CVE | CVE-2017-5495 | All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service | 2017-10-31 |
| CVE | CVE-2017-16227 | The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDAT | 2017-10-31 |
| CVE | CVE-2017-5495 | All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service | 2017-10-31 |
| CVE | CVE-2017-16227 | The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDAT | 2017-10-31 |
| CVE | CVE-2017-5495 | All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service | 2017-10-31 |
| CVE | CVE-2016-4049 | The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to | 2016-10-13 |
| CVE | CVE-2016-4036 | The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows loca | 2016-10-13 |
| CVE | CVE-2016-4049 | The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to | 2016-10-13 |
| CVE | CVE-2016-4036 | The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows loca | 2016-10-13 |
About
-
Send Feedback to @ubuntu_updates
