FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
1e14d46f-af1f-11e1-b242-00215af774f0quagga -- BGP OPEN denial of service vulnerability

CERT reports:

If a pre-configured BGP peer sends a specially-crafted OPEN message with a malformed ORF capability TLV, Quagga bgpd process will erroneously try to consume extra bytes from the input packet buffer. The process will detect a buffer overrun attempt before it happens and immediately terminate with an error message. All BGP sessions established by the attacked router will be closed and its BGP routing disrupted.


Discovery 2012-06-04
Entry 2012-06-05
quagga
le 0.99.20.1

quagga-re
< 0.99.17.10

CVE-2012-1820
http://www.kb.cert.org/vuls/id/962587
42a2c82a-75b9-11e1-89b4-001ec9578670quagga -- multiple vulnerabilities

CERT reports:

The ospfd implementation of OSPF in Quagga allows a remote attacker (on a local network segment with OSPF enabled) to cause a denial of service (daemon aborts due to an assert) with a malformed OSPF LS-Update message.

The ospfd implementation of OSPF in Quagga allows a remote attacker (on a local network segment with OSPF enabled) to cause a denial of service (daemon crash) with a malformed OSPF Network- LSA message.

The bgpd implementation of BGP in Quagga allows remote attackers to cause a denial of service (daemon aborts due to an assert) via BGP Open message with an invalid AS4 capability.


Discovery 2012-03-23
Entry 2012-03-24
Modified 2012-03-26
quagga
< 0.99.20.1

quagga-re
< 0.99.17.8

CVE-2012-0249
CVE-2012-0250
CVE-2012-0255
http://www.kb.cert.org/vuls/id/551715
e15a22ce-f16f-446b-9ca7-6859350c2e75quagga -- several security issues

Quagga reports:

The Quagga BGP daemon, bgpd, does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or it may crash.

The Quagga BGP daemon, bgpd, can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes.

The Quagga BGP daemon, bgpd, can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.

The Quagga BGP daemon, bgpd, can enter an infinite loop if sent an invalid OPEN message by a configured peer.


Discovery 2018-01-31
Entry 2018-02-15
quagga
< 1.2.3

https://www.quagga.net/security/Quagga-2018-0543.txt
https://www.quagga.net/security/Quagga-2018-1114.txt
https://www.quagga.net/security/Quagga-2018-1550.txt
https://www.quagga.net/security/Quagga-2018-1975.txt
CVE-2018-5378
CVE-2018-5379
CVE-2018-5380
CVE-2018-5381
70c44cd0-e717-11e5-85be-14dae9d210b8quagga -- stack based buffer overflow vulnerability

Donald Sharp reports:

A malicious BGP peer may execute arbitrary code in particularly configured remote bgpd hosts.


Discovery 2016-01-27
Entry 2016-03-10
quagga
< 1.0.20160309

https://www.kb.cert.org/vuls/id/270232
http://savannah.nongnu.org/forum/forum.php?forum_id=8476
CVE-2016-2342