CVE-2016-2342

HIGH Year: 2016
CVSS v3 Score
8.1
High
CVSS v2 Score
7.6
High
Weakness Type
CWE-119
View all →

Vulnerability Description

The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.

Related Vulnerabilities

CVE-2008-1083

HIGH
CVSS:8.1(High)

Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbi...

CWE-1192008

CVE-2009-2502

HIGH
CVSS:8.1(High)

Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2,...

CWE-1192009

CVE-2015-7547

HIGH
CVSS:8.1(High)

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a deni...

CWE-1192015

CVE-2015-8764

HIGH
CVSS:8.1(High)

Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.

CWE-1192015

CVE-2016-0778

HIGH
CVSS:8.1(High)

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly ma...

CWE-1192016

CVE-2016-0858

HIGH
CVSS:8.1(High)

Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted request.

CWE-1192016