CVE-2018-5381

The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.

Published: 2018-02-19 13:29
Updated: 2019-10-09 23:41

CVSS Score: 5.0 / 10
Vendor     Product       Version  URI
Quagga     Quagga        1.2.2    cpe:/a:quagga:quagga:1.2.2
Canonical  Ubuntu Linux  14.04    cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
Canonical  Ubuntu Linux  16.04    cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
Canonical  Ubuntu Linux  17.10    cpe:/o:canonical:ubuntu_linux:17.10
Debian     Debian Linux  8.0      cpe:/o:debian:debian_linux:8.0
Debian     Debian Linux  9.0      cpe:/o:debian:debian_linux:9.0
Debian     Debian Linux  7.0      cpe:/o:debian:debian_linux:7.0

CWE

ID: CWE-835
Name: Loop with Unreachable Exit Condition ('Infinite Loop')
Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

History of changes

Date Event
2019-10-03 00:03
2019-04-12 18:04
2019-03-05 16:01
2018-10-21 10:29
2018-03-16 01:29
2018-03-12 15:36
2018-02-20 19:39
2018-02-19 13:29

New CVE