CVE-2010-1674

Name of the Vulnerable Software and Affected Versions Quagga versions prior to 0.99.20 Quagga versions prior to 0.99.18

Description The issue concerns multiple vulnerabilities in the Quagga package that can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, the extended-community parser in bgpd is vulnerable to a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute.

Recommendations For Quagga versions prior to 0.99.20, update to version 0.99.20 or later to resolve the issue. For Quagga versions prior to 0.99.18, update to version 0.99.18 or later to prevent a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute. As a temporary workaround, consider restricting access to the bgpd service to minimize the risk of exploitation.