CVE-2018-5378
Published: 13 February 2018
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.
Priority
CVSS 3 base score: 5.9
Notes
Author | Note |
---|---|
mdeslaur | this is Quagga-2018-0543 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5378
- https://www.quagga.net/security/Quagga-2018-0543.txt
- https://ubuntu.com/security/notices/USN-3573-1
- NVD
- Launchpad
- Debian