Quagga Bgpd
4 CVEs affecting Quagga Bgpd. Latest disclosed: 2018-02-19. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2018-5379 | High | 7.5 | 2018-02-19 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unkn… |
CVE-2018-5378 | High | 7.1 | 2018-02-19 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Ar… |
CVE-2018-5381 | Medium | 6.5 | 2018-02-19 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_par… |
CVE-2018-5380 | Medium | 4.3 | 2018-02-19 | The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. |