CVE-2016-2342

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-2342
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2342.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-2342
Withdrawn
2024-05-08T06:49:19.947843Z
Published
2016-03-17T14:59:01Z
Modified
2023-11-28T14:11:47.870377Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.

Affected packages

Git / github.com/Quagga/quagga

Affected ranges

Type
GIT
Repo
https://github.com/Quagga/quagga
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

RE-0.*

RE-0.99.17.1
RE-0.99.17.2
RE-0.99.17.3
RE-0.99.17.4
RE-0.99.17.5
RE-0.99.17.6

Other

bgp_rserver_after
bgp_rserver_before
import_isisd_sf_20031223
libtool-after
libtool-before
merge_zprivs_head_1
merge_zprivs_head_2
merge_zprivs_head_3
merge_zprivs_head_4
nonblocking_zclient_after
nonblocking_zclient_before
nonblocking_zserv_after
nonblocking_zserv_before
ospf_api
patch_revert_debug_nssa_patch
patch_vtysh_add_ssh_fix
patch_vtysh_pagesize
patch_z12269_linkstate
patch_z14599_multicast_inactive_if
patch_z14631_ptp_rfc3021
patch_z14800_ospfd_ptmp
patch_z15554_vtysh_writeconf
patch_z15646_ospfd_seqnum_time
patch_z15715_ospf_md5
patch_z15769_ripv1
patch_z16525_kame
patch_z16681_ospfd_nssa
patch_z16823
patch_z16824_nsm_kill_neighbour
patch_z17217_show_thread_cpu
patch_z17218_cli_walk_up
patch_z17290_ifupstaticfix
patch_z17290_portfix
patch_z17335_ospfd_doc
patch_z17352_ptp_network_match
post_bgp_workqueus
pre-rfc2301
pre_bgp_workqueus
quagga_0_96_1_release
quagga_0_96_2_release
quagga_0_96_3_release
quagga_0_96_4_release
quagga_0_96_5_release
quagga_0_96_release
quagga_0_97_0_release
quagga_0_97_1_release
quagga_0_97_2_release
quagga_0_97_3_release
quagga_0_97_4_release
quagga_0_97_5_release
quagga_0_98_0_release
quagga_0_99_10_release
quagga_0_99_11_release
quagga_0_99_12_release
quagga_0_99_13_release
quagga_0_99_14_release
quagga_0_99_15_release
quagga_0_99_16_release
quagga_0_99_17_release
quagga_0_99_18_release
quagga_0_99_19_release
quagga_0_99_1_release
quagga_0_99_20_release
quagga_0_99_21_release
quagga_0_99_2_release
quagga_0_99_3_release
quagga_0_99_4_release
quagga_0_99_5_release
quagga_0_99_6_release
quagga_0_99_7_release
quagga_0_99_8_release
quagga_0_99_9_release
quagga_post_listloop_cleanup
quagga_pre_listloop_cleanup
rfc3021-ipv6-fix

quagga-0.*

quagga-0.99.22
quagga-0.99.22-rc1
quagga-0.99.23
quagga-0.99.23-rc1
quagga-0.99.24
quagga-0.99.24-rc1