{"id":"CVE-2016-1245","details":"It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.","modified":"2026-07-08T12:43:38.567854Z","published":"2017-02-22T23:59:00.143Z","related":["SUSE-SU-2016:2569-1","SUSE-SU-2016:2618-1","SUSE-SU-2017:2294-1","openSUSE-SU-2024:10362-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"introduced":"8.0"},{"last_affected":"8.0"}],"vendor_product":"debian:debian_linux","source":"CPE_STRING","cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}]},"references":[{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0794.html"},{"type":"ADVISORY","url":"http://www.gossamer-threads.com/lists/quagga/users/31952"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/93775"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-48"},{"type":"ADVISORY","url":"https://www.debian.org/security/2016/dsa-3695"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1386109"},{"type":"FIX","url":"https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/quagga/quagga","events":[{"introduced":"0"},{"last_affected":"86c5d2ee68f7b9c00ae4aeb5c8b3c5d82c5ebffc"},{"fixed":"cfb1fae25f8c092e0d17073eaf7bd428ce1cd546"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"1.0.20160315"}],"cpe":"cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*","source":["CPE_RANGE","REFERENCES"]}}],"versions":["quagga-1.0.20160315","quagga-1.0.20160309","quagga-0.99.24","quagga-0.99.24-rc1","quagga-0.99.23","quagga-0.99.23-rc1","quagga-0.99.22","quagga-0.99.22-rc1","quagga_0_99_21_release","quagga_0_99_20_release","quagga_0_99_19_release","quagga_0_99_18_release","quagga_0_99_17_release","quagga_0_99_16_release","quagga_0_99_15_release","quagga_0_99_14_release","quagga_0_99_13_release","quagga_0_99_12_release","quagga_0_99_11_release","quagga_0_99_10_release","quagga_0_99_9_release","quagga_0_99_8_release","quagga_0_99_7_release","quagga_0_99_5_release","quagga_0_99_6_release","quagga_0_99_4_release","quagga_0_99_3_release","quagga_0_99_2_release","post_bgp_workqueus","pre_bgp_workqueus","quagga_0_99_1_release","nonblocking_zclient_after","nonblocking_zclient_before","quagga_post_listloop_cleanup","quagga_pre_listloop_cleanup","nonblocking_zserv_after","nonblocking_zserv_before","quagga_0_98_0_release","quagga_0_97_5_release","quagga_0_97_4_release","quagga_0_97_3_release","quagga_0_97_2_release","quagga_0_97_1_release","quagga_0_97_0_release","bgp_rserver_after","bgp_rserver_before","libtool-after","libtool-before","quagga_0_96_5_release","import_isisd_sf_20031223","quagga_0_96_4_release","quagga_0_96_3_release","quagga_0_96_2_release","quagga_0_96_1_release","quagga_0_96_release","merge_zprivs_head_4","merge_zprivs_head_3","merge_zprivs_head_2","merge_zprivs_head_1","ospf_api","patch_revert_debug_nssa_patch","patch_vtysh_add_ssh_fix","patch_z17352_ptp_network_match","patch_vtysh_pagesize","patch_z17290_portfix","patch_z17290_ifupstaticfix","patch_z17335_ospfd_doc","rfc3021-ipv6-fix","patch_z17218_cli_walk_up","patch_z16823","patch_z16824_nsm_kill_neighbour","patch_z17217_show_thread_cpu","patch_z16681_ospfd_nssa","patch_z16525_kame","patch_z14631_ptp_rfc3021","pre-rfc2301","patch_z12269_linkstate","patch_z14800_ospfd_ptmp","patch_z15715_ospf_md5","patch_z15646_ospfd_seqnum_time","patch_z14599_multicast_inactive_if","patch_z15769_ripv1","patch_z15554_vtysh_writeconf"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","signature_type":"Function","digest":{"length":530,"function_hash":"35130448944641319665980278253845251263"},"id":"CVE-2016-1245-16d8a6bb","deprecated":false,"target":{"file":"zebra/rtadv.c","function":"rtadv_read"},"source":"https://github.com/quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546"},{"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["303090784983956718529097018062121597088","56358507261596026835733891490005575257","77969341907554756356165149074813965963","57935677522198402311240165415701137228"]},"id":"CVE-2016-1245-3b967512","deprecated":false,"target":{"file":"zebra/rtadv.c"},"source":"https://github.com/quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1245.json","vanir_signatures_modified":"2026-07-08T12:43:38Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}