CVE-2016-1245

It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.

References

Affected packages

Git / github.com/quagga/quagga

Affected ranges

Type: GIT
Repo: https://github.com/quagga/quagga
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

cfb1fae25f8c092e0d17073eaf7bd428ce1cd546

Affected versions

RE-0.*

RE-0.99.17.1

RE-0.99.17.2

RE-0.99.17.3

RE-0.99.17.4

RE-0.99.17.5

RE-0.99.17.6

Other

bgp_rserver_after

bgp_rserver_before

import_isisd_sf_20031223

libtool-after

libtool-before

merge_zprivs_head_1

merge_zprivs_head_2

merge_zprivs_head_3

merge_zprivs_head_4

nonblocking_zclient_after

nonblocking_zclient_before

nonblocking_zserv_after

nonblocking_zserv_before

ospf_api

patch_revert_debug_nssa_patch

patch_vtysh_add_ssh_fix

patch_vtysh_pagesize

patch_z12269_linkstate

patch_z14599_multicast_inactive_if

patch_z14631_ptp_rfc3021

patch_z14800_ospfd_ptmp

patch_z15554_vtysh_writeconf

patch_z15646_ospfd_seqnum_time

patch_z15715_ospf_md5

patch_z15769_ripv1

patch_z16525_kame

patch_z16681_ospfd_nssa

patch_z16823

patch_z16824_nsm_kill_neighbour

patch_z17217_show_thread_cpu

patch_z17218_cli_walk_up

patch_z17290_ifupstaticfix

patch_z17290_portfix

patch_z17335_ospfd_doc

patch_z17352_ptp_network_match

post_bgp_workqueus

pre-rfc2301

pre_bgp_workqueus

quagga_0_96_1_release

quagga_0_96_2_release

quagga_0_96_3_release

quagga_0_96_4_release

quagga_0_96_5_release

quagga_0_96_release

quagga_0_97_0_release

quagga_0_97_1_release

quagga_0_97_2_release

quagga_0_97_3_release

quagga_0_97_4_release

quagga_0_97_5_release

quagga_0_98_0_release

quagga_0_99_10_release

quagga_0_99_11_release

quagga_0_99_12_release

quagga_0_99_13_release

quagga_0_99_14_release

quagga_0_99_15_release

quagga_0_99_16_release

quagga_0_99_17_release

quagga_0_99_18_release

quagga_0_99_19_release

quagga_0_99_1_release

quagga_0_99_20_release

quagga_0_99_21_release

quagga_0_99_2_release

quagga_0_99_3_release

quagga_0_99_4_release

quagga_0_99_5_release

quagga_0_99_6_release

quagga_0_99_7_release

quagga_0_99_8_release

quagga_0_99_9_release

quagga_post_listloop_cleanup

quagga_pre_listloop_cleanup

rfc3021-ipv6-fix

quagga-0.*

quagga-0.99.22

quagga-0.99.22-rc1

quagga-0.99.23

quagga-0.99.23-rc1

quagga-0.99.24

quagga-0.99.24-rc1

quagga-1.*

quagga-1.0.20160309

quagga-1.0.20160315

Database specific

vanir_signatures

[
    {
        "id": "CVE-2016-1245-16d8a6bb",
        "source": "https://github.com/quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546",
        "digest": {
            "length": 530.0,
            "function_hash": "35130448944641319665980278253845251263"
        },
        "signature_version": "v1",
        "target": {
            "function": "rtadv_read",
            "file": "zebra/rtadv.c"
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "id": "CVE-2016-1245-3b967512",
        "source": "https://github.com/quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546",
        "digest": {
            "line_hashes": [
                "303090784983956718529097018062121597088",
                "56358507261596026835733891490005575257",
                "77969341907554756356165149074813965963",
                "57935677522198402311240165415701137228"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "zebra/rtadv.c"
        },
        "signature_type": "Line",
        "deprecated": false
    }
]