Lucene search

K

CertccCVELIST:CVE-2018-5379

HistoryFeb 19, 2018 - 1:00 p.m.

CVE-2018-5379

2018-02-1913:00:00

CWE-415

certcc

www.cve.org

7

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.056

Percentile

93.3%

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.

CNA Affected

[
  {
    "product": "bgpd",
    "vendor": "Quagga",
    "versions": [
      {
        "lessThan": "1.2.3",
        "status": "affected",
        "version": "bpgd",
        "versionType": "custom"
      }
    ]
  }
]

References

savannah.nongnu.org/forum/forum.php?forum_id=9095

www.kb.cert.org/vuls/id/940439

www.securityfocus.com/bid/103105

access.redhat.com/errata/RHSA-2018:0377

cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf

gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt

lists.debian.org/debian-lts-announce/2018/02/msg00021.html

security.gentoo.org/glsa/201804-17

usn.ubuntu.com/3573-1/

www.debian.org/security/2018/dsa-4115

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.056

Percentile

93.3%

Related for CVELIST:CVE-2018-5379

redhatcve1 nvd2 nessus25 ubuntucve1 cve2 openvas14 oraclelinux1 redhat1 debiancve1 centos1 checkpoint_advisories1 prion1 osv4 ics1 amazon1 mageia1 debian3 gentoo1 ubuntu1 freebsd1 fedora2 cert1 f51 suse4