bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Quagga | Quagga | * | 0.99.8 (including) |
| Quagga | Quagga | 0.95 (including) | 0.95 (including) |
| Quagga | Quagga | 0.96 (including) | 0.96 (including) |
| Quagga | Quagga | 0.96.1 (including) | 0.96.1 (including) |
| Quagga | Quagga | 0.96.2 (including) | 0.96.2 (including) |
| Quagga | Quagga | 0.96.3 (including) | 0.96.3 (including) |
| Quagga | Quagga | 0.96.4 (including) | 0.96.4 (including) |
| Quagga | Quagga | 0.96.5 (including) | 0.96.5 (including) |
| Quagga | Quagga | 0.97.0 (including) | 0.97.0 (including) |
| Quagga | Quagga | 0.97.1 (including) | 0.97.1 (including) |
| Quagga | Quagga | 0.97.2 (including) | 0.97.2 (including) |
| Quagga | Quagga | 0.97.3 (including) | 0.97.3 (including) |
| Quagga | Quagga | 0.97.4 (including) | 0.97.4 (including) |
| Quagga | Quagga | 0.97.5 (including) | 0.97.5 (including) |
| Quagga | Quagga | 0.98.0 (including) | 0.98.0 (including) |
| Quagga | Quagga | 0.98.1 (including) | 0.98.1 (including) |
| Quagga | Quagga | 0.98.2 (including) | 0.98.2 (including) |
| Quagga | Quagga | 0.98.3 (including) | 0.98.3 (including) |
| Quagga | Quagga | 0.98.4 (including) | 0.98.4 (including) |
| Quagga | Quagga | 0.98.5 (including) | 0.98.5 (including) |
| Quagga | Quagga | 0.98.6 (including) | 0.98.6 (including) |
| Quagga | Quagga | 0.99.1 (including) | 0.99.1 (including) |
| Quagga | Quagga | 0.99.2 (including) | 0.99.2 (including) |
| Quagga | Quagga | 0.99.3 (including) | 0.99.3 (including) |
| Quagga | Quagga | 0.99.4 (including) | 0.99.4 (including) |
| Quagga | Quagga | 0.99.5 (including) | 0.99.5 (including) |
| Quagga | Quagga | 0.99.6 (including) | 0.99.6 (including) |
| Quagga | Quagga | 0.99.7 (including) | 0.99.7 (including) |