What is CVE-2018-5380?

CVE-2018-5380 is a medium-severity vulnerability in Quagga Bgpd, classified under Out-of-bounds Read. CVSS score: 4.3/10. Published 2018-02-19.

How severe is CVE-2018-5380?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Out-of-bounds Read in Quagga Bgpd

CVE-2018-5380

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.

Vulnerability class: Buffer Overflow

EPSS: 0.009 (75.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L.

Affected products

Quagga Bgpd — versions bpgd

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

References

USN-3573-1 (vendor-advisory, x_refsource_UBUNTU)
DSA-4115 (vendor-advisory, x_refsource_DEBIAN)
savannah.nongnu.org/forum/forum.php (x_refsource_CONFIRM)
GLSA-201804-17 (vendor-advisory, x_refsource_GENTOO)
[debian-lts-announce] 20180216 [SECURITY] [DLA 1286-1] quagga security update (mailing-list, x_refsource_MLIST)
gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1550.txt (x_refsource_CONFIRM)
VU#940439 (third-party-advisory, x_refsource_CERT-VN)
cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-5380?: CVE-2018-5380 is a medium-severity vulnerability in Quagga Bgpd, classified under Out-of-bounds Read. CVSS score: 4.3/10. Published 2018-02-19.
How severe is CVE-2018-5380?: Medium severity. CVSS v3 base score is 4.3 out of 10.