CyberSec.Space Logo
返回 CVE 浏览器

CVE-2016-1245

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0540%
EPSS Percentile2.89th
Published2017年2月22日
Last Modified2026年5月13日

Vulnerability Description

It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.

Affected Platforms (CPE)

📦
Quagga

Quagga

<= 1.0.20160315
💻
Debian

Debian Linux

= 8.0

References & Advisories

🔗 http://rhn.redhat.com/errata/RHSA-2017-0794.html
🔗 http://www.gossamer-threads.com/lists/quagga/users/31952
🔗 http://www.securityfocus.com/bid/93775
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1386109
🔗 https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546
🔗 https://security.gentoo.org/glsa/201701-48
🔗 https://www.debian.org/security/2016/dsa-3695
🔗 http://rhn.redhat.com/errata/RHSA-2017-0794.html

相关漏洞威胁

CVE-2008-11609.8

ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which...

CVE-2019-92298.8

An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A ...

CVE-2021-201328.8

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a rem...

CVE-2021-201348.4

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability ...