CVE-2016-2342
Published: 17 March 2016
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.
Priority
Status
Package | Release | Status |
---|---|---|
quagga Launchpad, Ubuntu, Debian |
precise |
Released
(0.99.20.1-0ubuntu0.12.04.4)
|
trusty |
Released
(0.99.22.4-3ubuntu1.1)
|
|
upstream |
Needed
|
|
wily |
Released
(0.99.24.1-2ubuntu0.1)
|
|
Patches: upstream: http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.1 |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |