{"id":"MGASA-2016-0126","summary":"Updated quagga packages fix security vulnerability","details":"A vulnerability was found in a way VPNv4 NLRI parser copied packet data to\nthe stack. Memcpy to stack data structure based on length field from\npacket data whose length field upper-bound was not properly checked\n(CVE-2016-2342).\n","modified":"2026-04-16T06:24:35.458701008Z","published":"2016-03-26T15:07:38Z","upstream":["CVE-2016-2342"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0126.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=18060"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2016-03/msg00102.html"}],"affected":[{"package":{"name":"quagga","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/quagga?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.99.22.4-4.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0126.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}