CyberSec.Space Logo
Back to CVE Browser

CVE-2016-1245

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0540%
EPSS Percentile2.89th
PublishedFeb 22, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.

Affected Platforms (CPE)

πŸ“¦
Quagga

Quagga

<= 1.0.20160315
πŸ’»
Debian

Debian Linux

= 8.0

References & Advisories

πŸ”— http://rhn.redhat.com/errata/RHSA-2017-0794.html
πŸ”— http://www.gossamer-threads.com/lists/quagga/users/31952
πŸ”— http://www.securityfocus.com/bid/93775
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1386109
πŸ”— https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546
πŸ”— https://security.gentoo.org/glsa/201701-48
πŸ”— https://www.debian.org/security/2016/dsa-3695
πŸ”— http://rhn.redhat.com/errata/RHSA-2017-0794.html

Related Vulnerabilities

CVE-2008-11609.8

ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which...

CVE-2019-92298.8

An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A ...

CVE-2021-201328.8

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a rem...

CVE-2021-201348.4

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability ...