{"id":"USN-3471-1","summary":"quagga vulnerabilities","details":"Andreas Jaggi discovered that Quagga incorrectly handled certain BGP UPDATE\nmessages. A remote attacker could possibly use this issue to cause Quagga\nto crash, resulting in a denial of service. (CVE-2017-16227)\n\nQuentin Young discovered that Quagga incorrectly handled memory in the\ntelnet vty CLI. An attacker able to connect to the telnet interface could\npossibly use this issue to cause Quagga to consume memory, resulting in a\ndenial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu\n16.04 LTS. (CVE-2017-5495)\n","modified":"2026-02-10T04:41:14Z","published":"2017-10-31T18:10:28Z","related":["UBUNTU-CVE-2017-16227","UBUNTU-CVE-2017-5495"],"upstream":["CVE-2017-16227","CVE-2017-5495","UBUNTU-CVE-2017-16227","UBUNTU-CVE-2017-5495"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3471-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-5495"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-16227"}],"affected":[{"package":{"name":"quagga","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/quagga@0.99.22.4-3ubuntu1.4?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.99.22.4-3ubuntu1.4"}]}],"versions":["0.99.22.1-2","0.99.22.4-1","0.99.22.4-2","0.99.22.4-3","0.99.22.4-3ubuntu1","0.99.22.4-3ubuntu1.1","0.99.22.4-3ubuntu1.2","0.99.22.4-3ubuntu1.3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"0.99.22.4-3ubuntu1.4","binary_name":"quagga"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2017-5495"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2017-16227"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3471-1.json"}},{"package":{"name":"quagga","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/quagga@0.99.24.1-2ubuntu1.3?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.99.24.1-2ubuntu1.3"}]}],"versions":["0.99.24.1-2","0.99.24.1-2ubuntu1","0.99.24.1-2ubuntu1.1","0.99.24.1-2ubuntu1.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"0.99.24.1-2ubuntu1.3","binary_name":"quagga"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2017-5495"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2017-16227"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3471-1.json"}}],"schema_version":"1.7.3"}