CVE-2018-5378

Publication date 13 February 2018

Last updated 25 August 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

5.9 · Medium

Score breakdown

Description

The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.

Read the notes from the security team

Status

Package Ubuntu Release Status
quagga 17.10 artful
Fixed 1.1.1-3ubuntu0.2
16.04 LTS xenial
Not affected
14.04 LTS trusty Not in release

Notes

mdeslaur

this is Quagga-2018-0543

Severity score breakdown

CVSS version: CVSS v3.0

Base score 5.9 · Medium

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-3573-1
    • Quagga vulnerabilities
    • 16 February 2018

Other references

Access our resources on patching vulnerabilities