[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247621

 
 

909

 
 

194512

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2018-5380Date: (C)2018-02-28   (M)2023-12-22


The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 4.3CVSS Score : 4.0
Exploit Score: 2.8Exploit Score: 8.0
Impact Score: 1.4Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication: SINGLE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: NONEAvailability: PARTIAL
Integrity: NONE 
Availability: LOW 
  
Reference:
DSA-4115
GLSA-201804-17
USN-3573-1
VU#940439
https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html
http://savannah.nongnu.org/forum/forum.php?forum_id=9095
https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf
https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1550.txt

CPE    6
cpe:/o:debian:debian_linux:9.0
cpe:/o:debian:debian_linux:7.0
cpe:/o:debian:debian_linux:8.0
cpe:/a:quagga:quagga
...
CWE    1
CWE-125
OVAL    10
oval:org.secpod.oval:def:1600840
oval:org.secpod.oval:def:89002283
oval:org.secpod.oval:def:89043661
oval:org.secpod.oval:def:114077
...

© SecPod Technologies