View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-2342 severity moderate: SUSE including 33 source package names (libfpm_pb0, libfpm_pb0-1.1.1-2.29, …), 141 product×package rows across 41 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, … (41 product lines)): Fixed 79, Known Not Affected 62.
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.