CVE-2018-5378

Published: 19/02/2018 Updated: 09/10/2019
CVSS v2 Base Score: 4.9 | Impact Score: 4.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.9 | Impact Score: 4.2 | Exploitability Score: 1.6
VMScore: 436
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:P

Vulnerability Summary

The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.

Vulnerable Product

quagga quagga

debian debian linux 9.0

debian debian linux 8.0

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 17.10

Vendor Advisories

Several security issues were fixed in Quagga ...
Debian Bug report logs - #890563 quagga: CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381. Package: src:quagga; Maintainer for src:quagga is Brett Parker <iDunno@sommitrealweird.co.uk>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 15 Feb 2018 22:42:05 UTC; Severity: serious; Tags: fixed-upstre ...
Several vulnerabilities have been discovered in Quagga, a routing daemon. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-5378: It was discovered that the Quagga BGP daemon, bgpd, does not properly bounds check data sent with a NOTIFY to a peer, if an attribute length is invalid. A configured B ...
An out-of-bounds read vulnerability was discovered in Quagga. A BGP peer could send a specially crafted message which would cause Quagga to read out of bounds, potentially causing a crash or disclosure of up to 64KB process memory to the peer ...