The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.
cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:* versions up to 0.96.3 (inclusive)
|59786||Quagga < 0.96.4 Zebra Denial of Service Vulnerability||Nessus||Misc.|
|15252||Debian DSA-415-1 : zebra - denial of service||Nessus||Debian Local Security Checks|
|12427||RHEL 2.1 : zebra (RHSA-2003:305)||Nessus||Red Hat Local Security Checks|
|11925||Quagga / Zebra Malformed Telnet Command Denial of Service||Nessus||Denial of Service|