{"id":"CVE-2016-1245","details":"It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.","modified":"2026-04-11T12:02:13.273101Z","published":"2017-02-22T23:59:00.143Z","related":["MGASA-2016-0374","SUSE-SU-2016:2569-1","SUSE-SU-2016:2618-1","SUSE-SU-2017:2294-1","openSUSE-SU-2024:10362-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"}]},"references":[{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0794.html"},{"type":"ADVISORY","url":"http://www.gossamer-threads.com/lists/quagga/users/31952"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/93775"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-48"},{"type":"ADVISORY","url":"https://www.debian.org/security/2016/dsa-3695"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1386109"},{"type":"FIX","url":"https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/Quagga/quagga","events":[{"introduced":"0"},{"last_affected":"86c5d2ee68f7b9c00ae4aeb5c8b3c5d82c5ebffc"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"1.0.20160315"}],"cpe":"cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*"}}],"versions":["bgp_rserver_after","bgp_rserver_before","import_isisd_sf_20031223","libtool-after","libtool-before","merge_zprivs_head_1","merge_zprivs_head_2","merge_zprivs_head_3","merge_zprivs_head_4","nonblocking_zclient_after","nonblocking_zclient_before","nonblocking_zserv_after","nonblocking_zserv_before","ospf_api","patch_revert_debug_nssa_patch","patch_vtysh_add_ssh_fix","patch_vtysh_pagesize","patch_z12269_linkstate","patch_z14599_multicast_inactive_if","patch_z14631_ptp_rfc3021","patch_z14800_ospfd_ptmp","patch_z15554_vtysh_writeconf","patch_z15646_ospfd_seqnum_time","patch_z15715_ospf_md5","patch_z15769_ripv1","patch_z16525_kame","patch_z16681_ospfd_nssa","patch_z16823","patch_z16824_nsm_kill_neighbour","patch_z17217_show_thread_cpu","patch_z17218_cli_walk_up","patch_z17290_ifupstaticfix","patch_z17290_portfix","patch_z17335_ospfd_doc","patch_z17352_ptp_network_match","post_bgp_workqueus","pre-rfc2301","pre_bgp_workqueus","quagga-0.99.22","quagga-0.99.22-rc1","quagga-0.99.23","quagga-0.99.23-rc1","quagga-0.99.24","quagga-0.99.24-rc1","quagga-1.0.20160309","quagga-1.0.20160315","quagga_0_96_1_release","quagga_0_96_2_release","quagga_0_96_3_release","quagga_0_96_4_release","quagga_0_96_5_release","quagga_0_96_release","quagga_0_97_0_release","quagga_0_97_1_release","quagga_0_97_2_release","quagga_0_97_3_release","quagga_0_97_4_release","quagga_0_97_5_release","quagga_0_98_0_release","quagga_0_99_10_release","quagga_0_99_11_release","quagga_0_99_12_release","quagga_0_99_13_release","quagga_0_99_14_release","quagga_0_99_15_release","quagga_0_99_16_release","quagga_0_99_17_release","quagga_0_99_18_release","quagga_0_99_19_release","quagga_0_99_1_release","quagga_0_99_20_release","quagga_0_99_21_release","quagga_0_99_2_release","quagga_0_99_3_release","quagga_0_99_4_release","quagga_0_99_5_release","quagga_0_99_6_release","quagga_0_99_7_release","quagga_0_99_8_release","quagga_0_99_9_release","quagga_post_listloop_cleanup","quagga_pre_listloop_cleanup","rfc3021-ipv6-fix"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-1245.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/quagga/quagga","events":[{"introduced":"0"},{"fixed":"cfb1fae25f8c092e0d17073eaf7bd428ce1cd546"}],"database_specific":{"source":"REFERENCES"}}],"versions":["bgp_rserver_after","bgp_rserver_before","import_isisd_sf_20031223","libtool-after","libtool-before","merge_zprivs_head_1","merge_zprivs_head_2","merge_zprivs_head_3","merge_zprivs_head_4","nonblocking_zclient_after","nonblocking_zclient_before","nonblocking_zserv_after","nonblocking_zserv_before","ospf_api","patch_revert_debug_nssa_patch","patch_vtysh_add_ssh_fix","patch_vtysh_pagesize","patch_z12269_linkstate","patch_z14599_multicast_inactive_if","patch_z14631_ptp_rfc3021","patch_z14800_ospfd_ptmp","patch_z15554_vtysh_writeconf","patch_z15646_ospfd_seqnum_time","patch_z15715_ospf_md5","patch_z15769_ripv1","patch_z16525_kame","patch_z16681_ospfd_nssa","patch_z16823","patch_z16824_nsm_kill_neighbour","patch_z17217_show_thread_cpu","patch_z17218_cli_walk_up","patch_z17290_ifupstaticfix","patch_z17290_portfix","patch_z17335_ospfd_doc","patch_z17352_ptp_network_match","post_bgp_workqueus","pre-rfc2301","pre_bgp_workqueus","quagga-0.99.22","quagga-0.99.22-rc1","quagga-0.99.23","quagga-0.99.23-rc1","quagga-0.99.24","quagga-0.99.24-rc1","quagga-1.0.20160309","quagga-1.0.20160315","quagga_0_96_1_release","quagga_0_96_2_release","quagga_0_96_3_release","quagga_0_96_4_release","quagga_0_96_5_release","quagga_0_96_release","quagga_0_97_0_release","quagga_0_97_1_release","quagga_0_97_2_release","quagga_0_97_3_release","quagga_0_97_4_release","quagga_0_97_5_release","quagga_0_98_0_release","quagga_0_99_10_release","quagga_0_99_11_release","quagga_0_99_12_release","quagga_0_99_13_release","quagga_0_99_14_release","quagga_0_99_15_release","quagga_0_99_16_release","quagga_0_99_17_release","quagga_0_99_18_release","quagga_0_99_19_release","quagga_0_99_1_release","quagga_0_99_20_release","quagga_0_99_21_release","quagga_0_99_2_release","quagga_0_99_3_release","quagga_0_99_4_release","quagga_0_99_5_release","quagga_0_99_6_release","quagga_0_99_7_release","quagga_0_99_8_release","quagga_0_99_9_release","quagga_post_listloop_cleanup","quagga_pre_listloop_cleanup","rfc3021-ipv6-fix"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-1245.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}