The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.
2003-12-15T05:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 5.0 (MEDIUM)
AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | gnu | zebra | 0.91a | Yes |
| Application | gnu | zebra | 0.92a | Yes |
| Application | gnu | zebra | 0.93a | Yes |
| Application | gnu | zebra | 0.93b | Yes |
| Application | quagga | quagga | ≤ 0.96.3 | Yes |
| Application | quagga | quagga | 0.95 | Yes |
| Application | quagga | quagga | 0.96 | Yes |
| Application | quagga | quagga | 0.96.1 | Yes |
| Application | quagga | quagga | 0.96.2 | Yes |
| Application | sgi | propack | 2.2.1 | Yes |
| Application | sgi | propack | 2.3 | Yes |