PT-2016-4668 · Quagga+5 · Quagga+5

David Lamparter

Published

2016-10-18

Updated

2024-06-15

CVE-2016-1245

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Quagga versions prior to 1.0.20161017

Description A stack-based buffer overflow issue was found in the zebra daemon when processing IPv6 Neighbor Discovery messages. The root cause of this issue is the reliance on BUFSIZ, which is system-dependent, to be compatible with a message size.

Recommendations For versions prior to 1.0.20161017, update to version 1.0.20161017 or later to resolve the issue.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2017-2400

CESA-2017_0794

CVE-2016-1245

DLA-662-1

DSA-3695-1

MGASA-2016-0374

OPENSUSE-SU-2016_2617-1

OPENSUSE-SU-2016_2646-1

OPENSUSE-SU-2024:10362-1

RHSA-2017:0794

RHSA-2017_0794

SUSE-SU-2016:2569-1

SUSE-SU-2016:2618-1

SUSE-SU-2016_2569-1

SUSE-SU-2016_2618-1

SUSE-SU-2017:2294-1

SUSE-SU-2017_2294-1

USN-3110-1

Affected Products

Alt Linux

Centos

Quagga

Red Hat

Suse

Ubuntu

PT-2016-4668 · Quagga+5 · Quagga+5

CVE-2016-1245

Weakness Enumeration

Related Identifiers

Affected Products

References · 37