CVE-2016-2342 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Affected Products (NVD)

Vendor	Product	Version
quagga	quagga	0.99.24
debian	debian_linux	7.0
debian	debian_linux	8.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

quagga

precise	Fixed 0.99.20.1-0ubuntu0.12.04.4 released
trusty	Fixed 0.99.22.4-3ubuntu1.1 released
wily	Fixed 0.99.24.1-2ubuntu0.1 released

openSUSE / SLES Releases

openSUSE Product

Release

libospf0

suse enterprise sap 12 SP5	1.1.1-17.7.1 fixed
suse enterprise server 12 SP4	1.1.1-17.7.1 fixed
suse enterprise server 12 SP5	1.1.1-17.7.1 fixed

libospfapiclient0

suse enterprise sap 12 SP5	1.1.1-17.7.1 fixed
suse enterprise server 12 SP4	1.1.1-17.7.1 fixed
suse enterprise server 12 SP5	1.1.1-17.7.1 fixed

libquagga_pb0

suse enterprise sap 12 SP5	1.1.1-17.7.1 fixed
suse enterprise server 12 SP4	1.1.1-17.7.1 fixed
suse enterprise server 12 SP5	1.1.1-17.7.1 fixed

libzebra1

suse enterprise sap 12 SP5	1.1.1-17.7.1 fixed
suse enterprise server 12 SP4	1.1.1-17.7.1 fixed
suse enterprise server 12 SP5	1.1.1-17.7.1 fixed

quagga

suse enterprise sap 12 SP5	1.1.1-17.7.1 fixed
suse enterprise server 12 SP4	1.1.1-17.7.1 fixed
suse enterprise server 12 SP5	1.1.1-17.7.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

quagga

RHEL 6

0:0.99.15-14.el6

fixed

quagga-contrib

RHEL 6

0:0.99.15-14.el6

fixed

quagga-devel

RHEL 6

0:0.99.15-14.el6

fixed

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442

http://lists.opensuse.org/opensuse-updates/2016-03/msg00102.html

http://lists.opensuse.org/opensuse-updates/2016-03/msg00117.html

http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt

http://rhn.redhat.com/errata/RHSA-2017-0794.html

http://www.debian.org/security/2016/dsa-3532

http://www.kb.cert.org/vuls/id/270232

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.securityfocus.com/bid/84318

http://www.ubuntu.com/usn/USN-2941-1

https://security.gentoo.org/glsa/201610-03

http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442

http://lists.opensuse.org/opensuse-updates/2016-03/msg00102.html

http://lists.opensuse.org/opensuse-updates/2016-03/msg00117.html

http://nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt

http://rhn.redhat.com/errata/RHSA-2017-0794.html

http://www.debian.org/security/2016/dsa-3532

http://www.kb.cert.org/vuls/id/270232

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.securityfocus.com/bid/84318

http://www.ubuntu.com/usn/USN-2941-1

https://security.gentoo.org/glsa/201610-03