FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
70c44cd0-e717-11e5-85be-14dae9d210b8	quagga -- stack based buffer overflow vulnerability Donald Sharp reports: A malicious BGP peer may execute arbitrary code in particularly configured remote bgpd hosts. Discovery 2016-01-27 Entry 2016-03-10 quagga < 1.0.20160309 https://www.kb.cert.org/vuls/id/270232 http://savannah.nongnu.org/forum/forum.php?forum_id=8476 CVE-2016-2342
e15a22ce-f16f-446b-9ca7-6859350c2e75	quagga -- several security issues Quagga reports: The Quagga BGP daemon, bgpd, does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or it may crash. The Quagga BGP daemon, bgpd, can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. The Quagga BGP daemon, bgpd, can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. The Quagga BGP daemon, bgpd, can enter an infinite loop if sent an invalid OPEN message by a configured peer. Discovery 2018-01-31 Entry 2018-02-15 quagga < 1.2.3 https://www.quagga.net/security/Quagga-2018-0543.txt https://www.quagga.net/security/Quagga-2018-1114.txt https://www.quagga.net/security/Quagga-2018-1550.txt https://www.quagga.net/security/Quagga-2018-1975.txt CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381

VuXML ID

Description

70c44cd0-e717-11e5-85be-14dae9d210b8

quagga -- stack based buffer overflow vulnerability

Donald Sharp reports:

A malicious BGP peer may execute arbitrary code in particularly configured remote bgpd hosts.

Discovery 2016-01-27
Entry 2016-03-10
quagga

< 1.0.20160309

https://www.kb.cert.org/vuls/id/270232
http://savannah.nongnu.org/forum/forum.php?forum_id=8476
CVE-2016-2342

e15a22ce-f16f-446b-9ca7-6859350c2e75

quagga -- several security issues

Quagga reports:

The Quagga BGP daemon, bgpd, does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or it may crash.

The Quagga BGP daemon, bgpd, can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes.

The Quagga BGP daemon, bgpd, can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.

The Quagga BGP daemon, bgpd, can enter an infinite loop if sent an invalid OPEN message by a configured peer.

Discovery 2018-01-31
Entry 2018-02-15
quagga

< 1.2.3

https://www.quagga.net/security/Quagga-2018-0543.txt
https://www.quagga.net/security/Quagga-2018-1114.txt
https://www.quagga.net/security/Quagga-2018-1550.txt
https://www.quagga.net/security/Quagga-2018-1975.txt
CVE-2018-5378
CVE-2018-5379
CVE-2018-5380
CVE-2018-5381