Quagga is vulnerable to stack-based buffer overflow attacks. When a certain VPNv4 configuration is used a remote attacker may crash Quagga BGP routing daemon (bgpd) which leads to denial of service (DoS).
git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442
lists.opensuse.org/opensuse-updates/2016-03/msg00102.html
lists.opensuse.org/opensuse-updates/2016-03/msg00117.html
nongnu.askapache.com//quagga/quagga-1.0.20160309.changelog.txt
rhn.redhat.com/errata/RHSA-2017-0794.html
www.debian.org/security/2016/dsa-3532
www.kb.cert.org/vuls/id/270232
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.securityfocus.com/bid/84318
www.ubuntu.com/usn/USN-2941-1
access.redhat.com/errata/RHSA-2017:0794
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=674862
bugzilla.redhat.com/show_bug.cgi?id=770731
bugzilla.redhat.com/show_bug.cgi?id=839620
bugzilla.redhat.com/show_bug.cgi?id=842308
bugzilla.redhat.com/show_bug.cgi?id=862826
security.gentoo.org/glsa/201610-03