Unrated severityNVD Advisory· Published Feb 19, 2018· Updated Sep 16, 2024

CVE-2018-5378

Description

The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.

Affected products

osv-coords21 versions
pkg:rpm/opensuse/quagga&distro=openSUSE%20Tumbleweed pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3 pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2 pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2 pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2 pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/quagga&distro=SUSE%20OpenStack%20Cloud%206
< 1.2.4-2.14+ 20 more
- (no CPE)range: < 1.2.4-2.14
- (no CPE)range: < 0.99.15-0.30.3.1
- (no CPE)range: < 0.99.15-0.30.3.1
- (no CPE)range: < 0.99.15-0.30.3.1
- (no CPE)range: < 0.99.15-0.30.3.1
- (no CPE)range: < 0.99.22.1-16.4.1
- (no CPE)range: < 1.1.1-17.7.1
- (no CPE)range: < 1.1.1-17.7.1
- (no CPE)range: < 1.1.1-17.13.1
- (no CPE)range: < 0.99.22.1-16.4.1
- (no CPE)range: < 1.1.1-17.7.1
- (no CPE)range: < 0.99.15-0.30.3.1
- (no CPE)range: < 0.99.22.1-16.4.1
- (no CPE)range: < 1.1.1-17.7.1
- (no CPE)range: < 1.1.1-17.7.1
- (no CPE)range: < 1.1.1-17.13.1
- (no CPE)range: < 0.99.15-0.30.3.1
- (no CPE)range: < 1.1.1-17.7.1
- (no CPE)range: < 1.1.1-17.7.1
- (no CPE)range: < 1.1.1-17.13.1
- (no CPE)range: < 0.99.22.1-16.4.1
Quagga/bgpdv5
Range: bpgd

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/940439mitrethird-party-advisoryx_refsource_CERT-VN
security.gentoo.org/glsa/201804-17mitrevendor-advisoryx_refsource_GENTOO
usn.ubuntu.com/3573-1/mitrevendor-advisoryx_refsource_UBUNTU
www.debian.org/security/2018/dsa-4115mitrevendor-advisoryx_refsource_DEBIAN
savannah.nongnu.org/forum/forum.phpmitrex_refsource_CONFIRM
gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-0543.txtmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000