CVE-2018-5378
published 2018-02-19

CVE-2018-5378: The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid…

Priority: P3, 53, medium
CVSS 3.0: 5.9 (AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H)
EPSS: 74.60% (99.4th percentile)
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.

Affected

9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| debian | debian_linux | | |
| debian | debian_linux | | |
| quagga | bgpd | >= bpgd < 1.2.3 | 1.2.3 |
| quagga | quagga | <= 1.2.2 | |
| quagga | quagga | >= 0 < 0.99.22.4-3ubuntu1.5 | 0.99.22.4-3ubuntu1.5 |
| quagga | quagga | >= 0 < 0.99.24.1-2ubuntu1.4 | 0.99.24.1-2ubuntu1.4 |

Detection & IOCs (extracted from sources)

  • Target process is bgpd (Quagga BGP daemon); monitor for out-of-bounds read triggered by a crafted BGP NOTIFY message with an invalid attribute length, which may cause bgpd to crash or leak up to 64KB of process memory to a peer.
  • Vulnerable Quagga bgpd versions are 1.1.0, 1.1.1, 1.2.0, 1.2.1, and 1.2.2; versions 0.99.x are NOT affected. Alert on these specific version strings in asset inventory or package scans.
  • The vulnerability is triggered via a BGP NOTIFY message with an invalid attribute length; inspect BGP (TCP port 179) traffic for NOTIFY messages where the attribute length field exceeds the actual data bounds.
  • Only Quagga versions after 1.1.0 (specifically 1.1.0–1.2.2) are affected; Quagga 0.99.x (shipped with RHEL 5/6/7/8) is NOT vulnerable.
  • On Ubuntu, this issue only affected Ubuntu 17.10; other Ubuntu releases were not impacted.
  • The upstream security advisory and patch are available at the Quagga project security page; use them as the reference for patch validation.

CVSS provenance

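| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H |
| nvd | v2.0 | 4.9 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:N/A:P |
| osv | | 5.9 | MEDIUM | |
| vendor_redhat | | 7.1 | HIGH | |
| vendor_ubuntu | | 7.1 | HIGH | |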