CVE-2010-2948 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:S/C:P/I:P/A:P
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 90%

Vendor	Product	Version
quagga	quagga	𝑥 ≤ 0.99.16
quagga	quagga	0.95
quagga	quagga	0.96
quagga	quagga	0.96.1
quagga	quagga	0.96.2
quagga	quagga	0.96.3
quagga	quagga	0.96.4
quagga	quagga	0.96.5
quagga	quagga	0.97.0
quagga	quagga	0.97.1
quagga	quagga	0.97.2
quagga	quagga	0.97.3
quagga	quagga	0.97.4
quagga	quagga	0.97.5
quagga	quagga	0.98.0
quagga	quagga	0.98.1
quagga	quagga	0.98.2
quagga	quagga	0.98.3
quagga	quagga	0.98.4
quagga	quagga	0.98.5
quagga	quagga	0.98.6
quagga	quagga	0.99.1
quagga	quagga	0.99.2
quagga	quagga	0.99.3
quagga	quagga	0.99.4
quagga	quagga	0.99.5
quagga	quagga	0.99.6
quagga	quagga	0.99.7
quagga	quagga	0.99.8
quagga	quagga	0.99.9
quagga	quagga	0.99.10
quagga	quagga	0.99.11
quagga	quagga	0.99.12
quagga	quagga	0.99.13
quagga	quagga	0.99.14
quagga	quagga	0.99.15

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

quagga

maverick	not-affected
lucid	Fixed 0.99.15-1ubuntu0.1 released
karmic	Fixed 0.99.13-1ubuntu0.1 released
jaunty	ignored
hardy	Fixed 0.99.9-2ubuntu1.4 released
dapper	Fixed 0.99.2-1ubuntu3.7 released

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html

http://secunia.com/advisories/41038

http://secunia.com/advisories/41238

http://secunia.com/advisories/42397

http://secunia.com/advisories/42446

http://secunia.com/advisories/42498

http://secunia.com/advisories/48106

http://security.gentoo.org/glsa/glsa-201202-02.xml

http://www.debian.org/security/2010/dsa-2104

http://www.mandriva.com/security/advisories?name=MDVSA-2010:174

http://www.openwall.com/lists/oss-security/2010/08/24/3

http://www.openwall.com/lists/oss-security/2010/08/25/4

http://www.quagga.net/news2.php?y=2010&m=8&d=19

http://www.redhat.com/support/errata/RHSA-2010-0785.html

http://www.redhat.com/support/errata/RHSA-2010-0945.html

http://www.securityfocus.com/bid/42635

http://www.ubuntu.com/usn/USN-1027-1

http://www.vupen.com/english/advisories/2010/2304

http://www.vupen.com/english/advisories/2010/3097

http://www.vupen.com/english/advisories/2010/3124

https://bugzilla.redhat.com/show_bug.cgi?id=626783

http://code.quagga.net/?p=quagga.git%3Ba=commit%3Bh=d64379e8f3c0636df53ed08d5b2f1946cfedd0e3

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00009.html

http://secunia.com/advisories/41038

http://secunia.com/advisories/41238

http://secunia.com/advisories/42397

http://secunia.com/advisories/42446

http://secunia.com/advisories/42498

http://secunia.com/advisories/48106

http://security.gentoo.org/glsa/glsa-201202-02.xml

http://www.debian.org/security/2010/dsa-2104

http://www.mandriva.com/security/advisories?name=MDVSA-2010:174

http://www.openwall.com/lists/oss-security/2010/08/24/3

http://www.openwall.com/lists/oss-security/2010/08/25/4

http://www.quagga.net/news2.php?y=2010&m=8&d=19

http://www.redhat.com/support/errata/RHSA-2010-0785.html

http://www.redhat.com/support/errata/RHSA-2010-0945.html

http://www.securityfocus.com/bid/42635

http://www.ubuntu.com/usn/USN-1027-1

http://www.vupen.com/english/advisories/2010/2304

http://www.vupen.com/english/advisories/2010/3097

http://www.vupen.com/english/advisories/2010/3124

https://bugzilla.redhat.com/show_bug.cgi?id=626783