CVE-2018-5380

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.

Published : 2018-02-19 13:29 Updated : 2019-10-09 23:41

4.0
CVSS Score More info
Score 4.0 / 10
4.0
Vendor Product Version URI
Quagga Quagga 1.2.2 cpe:/a:quagga:quagga:1.2.2
Debian Debian Linux 8.0 cpe:/o:debian:debian_linux:8.0
Debian Debian Linux 9.0 cpe:/o:debian:debian_linux:9.0
Canonical Ubuntu Linux 14.04 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
Canonical Ubuntu Linux 16.04 cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
Canonical Ubuntu Linux 17.10 cpe:/o:canonical:ubuntu_linux:17.10
Debian Debian Linux 7.0 cpe:/o:debian:debian_linux:7.0
  1. Canonical (1) Search CVE
    1. Ubuntu Linux (3) Search CVE
      1. 14.04
      2. 16.04
      3. 17.10
  2. Quagga (1) Search CVE
    1. Quagga (1) Search CVE
      1. 1.2.2
  3. Debian (1) Search CVE
    1. Debian Linux (3) Search CVE
      1. 8.0
      2. 9.0
      3. 7.0

CWE

ID Name Description Links
CWE-125 Out-of-bounds Read The software reads data past the end, or before the beginning, of the intended buffer. CVE

History of changes

Date Event
2019-04-12 18:23
2019-03-05 16:00
2018-10-21 10:29
2018-03-16 01:29
2018-03-14 18:32
2018-02-20 19:39
2018-02-19 13:29

New CVE