QwikSec

Security Database

CVE

CWE

Training

CVE-2018-5378

Published: Feb 19, 2018

Modified: Sep 16, 2024

PUBLISHED

CVSS v3.0

7.1

HIGH

Description

The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.

Vendor	Product	Versions
Quagga	bgpd	affected `bpgd - < 1.2.3`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

References

https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-0543.txt

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_DEBIAN

http://savannah.nongnu.org/forum/forum.php?forum_id=9095

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

third-party-advisory

x_refsource_CERT-VN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.