Vulnerability Details CVE-2018-5379
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.239
EPSS Ranking 95.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.5
References
- http://savannah.nongnu.org/forum/forum.php?forum_id=9095
- http://www.kb.cert.org/vuls/id/940439
- http://www.securityfocus.com/bid/103105
- https://access.redhat.com/errata/RHSA-2018:0377
- https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf
- https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt
- https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html
- https://security.gentoo.org/glsa/201804-17
- https://usn.ubuntu.com/3573-1/
- https://www.debian.org/security/2018/dsa-4115
- http://savannah.nongnu.org/forum/forum.php?forum_id=9095
- http://www.kb.cert.org/vuls/id/940439
- http://www.securityfocus.com/bid/103105
- https://access.redhat.com/errata/RHSA-2018:0377
- https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf
- https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt
- https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html
- https://security.gentoo.org/glsa/201804-17
- https://usn.ubuntu.com/3573-1/
- https://www.debian.org/security/2018/dsa-4115
Products affected by CVE-2018-5379
-
cpe:2.3:a:quagga:quagga:-
-
cpe:2.3:a:quagga:quagga:0.95
-
cpe:2.3:a:quagga:quagga:0.96
-
cpe:2.3:a:quagga:quagga:0.96.1
-
cpe:2.3:a:quagga:quagga:0.96.2
-
cpe:2.3:a:quagga:quagga:0.96.3
-
cpe:2.3:a:quagga:quagga:0.96.4
-
cpe:2.3:a:quagga:quagga:0.96.5
-
cpe:2.3:a:quagga:quagga:0.97.0
-
cpe:2.3:a:quagga:quagga:0.97.1
-
cpe:2.3:a:quagga:quagga:0.97.2
-
cpe:2.3:a:quagga:quagga:0.97.3
-
cpe:2.3:a:quagga:quagga:0.97.4
-
cpe:2.3:a:quagga:quagga:0.97.5
-
cpe:2.3:a:quagga:quagga:0.98.0
-
cpe:2.3:a:quagga:quagga:0.98.1
-
cpe:2.3:a:quagga:quagga:0.98.2
-
cpe:2.3:a:quagga:quagga:0.98.3
-
cpe:2.3:a:quagga:quagga:0.98.4
-
cpe:2.3:a:quagga:quagga:0.98.5
-
cpe:2.3:a:quagga:quagga:0.98.6
-
cpe:2.3:a:quagga:quagga:0.99.1
-
cpe:2.3:a:quagga:quagga:0.99.10
-
cpe:2.3:a:quagga:quagga:0.99.11
-
cpe:2.3:a:quagga:quagga:0.99.12
-
cpe:2.3:a:quagga:quagga:0.99.13
-
cpe:2.3:a:quagga:quagga:0.99.14
-
cpe:2.3:a:quagga:quagga:0.99.15
-
cpe:2.3:a:quagga:quagga:0.99.16
-
cpe:2.3:a:quagga:quagga:0.99.17
-
cpe:2.3:a:quagga:quagga:0.99.18
-
cpe:2.3:a:quagga:quagga:0.99.19
-
cpe:2.3:a:quagga:quagga:0.99.2
-
cpe:2.3:a:quagga:quagga:0.99.20
-
cpe:2.3:a:quagga:quagga:0.99.20.1
-
cpe:2.3:a:quagga:quagga:0.99.21
-
cpe:2.3:a:quagga:quagga:0.99.22
-
cpe:2.3:a:quagga:quagga:0.99.22.1
-
cpe:2.3:a:quagga:quagga:0.99.22.2
-
cpe:2.3:a:quagga:quagga:0.99.22.3
-
cpe:2.3:a:quagga:quagga:0.99.22.4
-
cpe:2.3:a:quagga:quagga:0.99.23
-
cpe:2.3:a:quagga:quagga:0.99.23.1
-
cpe:2.3:a:quagga:quagga:0.99.24
-
cpe:2.3:a:quagga:quagga:0.99.24.1
-
cpe:2.3:a:quagga:quagga:0.99.3
-
cpe:2.3:a:quagga:quagga:0.99.4
-
cpe:2.3:a:quagga:quagga:0.99.5
-
cpe:2.3:a:quagga:quagga:0.99.6
-
cpe:2.3:a:quagga:quagga:0.99.7
-
cpe:2.3:a:quagga:quagga:0.99.8
-
cpe:2.3:a:quagga:quagga:0.99.9
-
cpe:2.3:a:quagga:quagga:1.0.20160309
-
cpe:2.3:a:quagga:quagga:1.0.20160315
-
cpe:2.3:a:quagga:quagga:1.0.20161017
-
cpe:2.3:a:quagga:quagga:1.1.0
-
cpe:2.3:a:quagga:quagga:1.1.1
-
cpe:2.3:a:quagga:quagga:1.2.0
-
cpe:2.3:a:quagga:quagga:1.2.1
-
cpe:2.3:a:quagga:quagga:1.2.2
-
cpe:2.3:h:siemens:ruggedcom_rox_ii:-
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:17.10
-
cpe:2.3:o:debian:debian_linux:7.0
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:redhat:enterprise_linux_server:7.0
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
-
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4
-
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5
-
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
-
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
-
cpe:2.3:o:siemens:ruggedcom_rox_ii_firmware:-
-
cpe:2.3:o:siemens:ruggedcom_rox_ii_firmware:2.10.0
-
cpe:2.3:o:siemens:ruggedcom_rox_ii_firmware:2.11.0
-
cpe:2.3:o:siemens:ruggedcom_rox_ii_firmware:2.9.0