Total vulnerabilities in the database
bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.
| Software | From | Fixed in |
|---|---|---|
| quagga / quagga | 0.97.5 | 0.97.5.x |
| quagga / quagga | 0.95 | 0.95.x |
| quagga / quagga | 0.98.3 | 0.98.3.x |
| quagga / quagga | 0.96.3 | 0.96.3.x |
| quagga / quagga | 0.96.5 | 0.96.5.x |
| quagga / quagga | 0.98.0 | 0.98.0.x |
| quagga / quagga | 0.96.1 | 0.96.1.x |
| quagga / quagga | 0.98.1 | 0.98.1.x |
| quagga / quagga | 0.96.4 | 0.96.4.x |
| quagga / quagga | - | 0.98.6.x |
| quagga / quagga | 0.98.5 | 0.98.5.x |
| quagga / quagga | 0.97.3 | 0.97.3.x |
| quagga / quagga | 0.97.4 | 0.97.4.x |
| quagga / quagga | 0.98.4 | 0.98.4.x |
| quagga / quagga | 0.98.2 | 0.98.2.x |
| quagga / quagga | 0.97.1 | 0.97.1.x |
| quagga / quagga | 0.97.0 | 0.97.0.x |
| quagga / quagga | 0.96.2 | 0.96.2.x |
| quagga / quagga | 0.97.2 | 0.97.2.x |
| quagga / quagga | 0.96 | 0.96.x |