CVE-2016-2342
PUBLISHED
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.
EPSS 20.44% · 95.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | quagga | 0, 0.99.22.4-1, 0.99.22.4-2 |
Exploit Intelligence
- 84318 (circl)
- RHSA-2017:0794 (circl)
- openSUSE-SU-2016:0863 (circl)
- DSA-3532 (circl)
- VU#270232 (circl)
- http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442 (circl)
- GLSA-201610-03 (circl)
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (circl)
- openSUSE-SU-2016:0888 (circl)
- http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt (circl)
…and 1 more exploits
Timeline
- Mar 17, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Oct 29, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-2342 third-party-advisory
- http://www.kb.cert.org/vuls/id/270232 third-party-advisory
- http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt third-party-advisory
- https://ubuntu.com/security/notices/USN-2941-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-2342 third-party-advisory