Lucene search
PRIOn knowledge basePRION:CVE-2018-5381HistoryFeb 19, 2018 - 1:29 p.m.
Design/Logic Flaw
2018-02-1913:29:00
PRIOn knowledge base
www.prio-n.com
6
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of “Capabilities” in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ubuntu_linux | eq | 16.04 | |
| ubuntu_linux | eq | 14.04 | |
| ubuntu_linux | eq | 17.10 | |
| debian_linux | eq | 8.0 | |
| debian_linux | eq | 7.0 | |
| debian_linux | eq | 9.0 | |
| quagga | le | 1.2.2 | |
| ruggedcom_rox_ii_firmware | lt | 2.13.0 |
References
savannah.nongnu.org/forum/forum.php?forum_id=9095
www.kb.cert.org/vuls/id/940439
cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf
gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1975.txt
lists.debian.org/debian-lts-announce/2018/02/msg00021.html
security.gentoo.org/glsa/201804-17
usn.ubuntu.com/3573-1/
www.debian.org/security/2018/dsa-4115
Related
debiancve
debiancve
CVE-2018-5381
2018-02-19 13:29:00
cvelist
cvelist
CVE-2018-5381
2018-02-15 00:00:00
cve
cve
CVE-2018-5381
2018-02-19 13:29:00
CVE-2018-1000065
2018-02-16 14:29:00
ubuntucve
ubuntucve
CVE-2018-5381
2018-02-13 00:00:00
redhatcve
redhatcve
CVE-2018-5381
2018-02-16 00:49:38
checkpoint_advisories
checkpoint_advisories
Quagga BGP Daemon bgp_capability_msg_parse Denial-of-Service (CVE-2018-5381)
2019-02-17 00:00:00
nvd
nvd
CVE-2018-5381
2018-02-19 13:29:00
CVE-2018-1000065
2018-02-16 14:29:00
mageia
mageia
Updated quagga packages fix security vulnerability
2018-02-22 22:49:44
openvas
openvas
Huawei EulerOS: Security Advisory for quagga (EulerOS-SA-2019-2228)
2020-01-23 00:00:00
Mageia: Security Advisory (MGASA-2018-0133)
2022-01-28 00:00:00
Fedora Update for quagga FEDORA-2018-b3e985489b
2018-03-14 00:00:00
nessus
nessus
Siemens RuggedCom Server < v2.13.0 Multiple Vulnerabilities
2019-04-10 00:00:00
EulerOS 2.0 SP5 : quagga (EulerOS-SA-2019-2228)
2019-11-08 00:00:00
Amazon Linux AMI : quagga (ALAS-2018-957)
2018-02-22 00:00:00
osv
osv
quagga - security update
2018-02-15 00:00:00
quagga - security update
2018-02-16 00:00:00
ics
ics
Siemens RUGGEDCOM ROX II
2019-04-09 12:00:00
amazon
amazon
Important: quagga
2018-02-20 21:26:00
debian
debian
[SECURITY] [DSA 4115-1] quagga security update
2018-02-15 22:25:18
[SECURITY] [DSA 4115-1] quagga security update
2018-02-15 22:25:18
[SECURITY] [DLA 1286-1] quagga security update
2018-02-16 22:32:14
gentoo
gentoo
Quagga: Multiple vulnerabilities
2018-04-22 00:00:00
cert
cert
Quagga bgpd is affected by multiple vulnerabilities
2018-02-15 00:00:00
f5
f5
ubuntu
ubuntu
Quagga vulnerabilities
2018-02-16 00:00:00
freebsd
freebsd
quagga -- several security issues
2018-01-31 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: quagga-1.2.2-2.fc26
2018-03-06 17:34:22
[SECURITY] Fedora 27 Update: quagga-1.2.2-2.fc27
2018-03-06 17:35:18
suse
suse
Security update for quagga (important)
2018-02-16 06:10:08
Security update for quagga (important)
2018-02-19 15:13:50
Security update for quagga (important)
2018-02-16 06:08:44
rosalinux
rosalinux
Advisory ROSA-SA-2021-1960
2021-07-02 18:04:24