suse · CVE-2016-2342

Quick triage

Priority: medium Published: 2021-05-30 13:39:34 UTC Updated: 2025-03-25 01:15:09 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2016-2342 severity moderate: SUSE including 33 source package names (libfpm_pb0, libfpm_pb0-1.1.1-2.29, …), 141 product×package rows across 41 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, … (41 product lines)): Fixed 79, Known Not Affected 62.

Description:

The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.

cvelogic Threat Intelligence