Your submission was sent successfully! Close

CVE-2018-5378

Published: 13 February 2018

The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.

Priority

Medium

CVSS 3 base score: 5.9

Status

Package Release Status
quagga
Launchpad, Ubuntu, Debian
artful
Released (1.1.1-3ubuntu0.2)
precise Does not exist

trusty Does not exist
(trusty was not-affected [code not present])
upstream
Released (1.2.3)
xenial Not vulnerable
(code not present)