Описание
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.
A stack-based buffer overflow flaw was found in the way Quagga handled IPv6 router advertisement messages. A remote attacker could use this flaw to crash the zebra daemon resulting in denial of service.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | quagga | Will not fix | ||
| Red Hat Enterprise Linux 7 | quagga | Will not fix | ||
| Red Hat Enterprise Linux 6 | quagga | Fixed | RHSA-2017:0794 | 21.03.2017 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
5 Medium
CVSS2
Связанные уязвимости
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.
It was discovered that the zebra daemon in Quagga before 1.0.20161017 ...
EPSS
5.3 Medium
CVSS3
5 Medium
CVSS2