CVE-2018-5380
Published 2018-02-19
CVE-2018-5380: The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
Priority: P428 · medium · 4.3 · CVSS 3.0
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS
15.11%
96.3th percentile
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| quagga | bgpd | < 1.2.3 | 1.2.3 |
| quagga | quagga | <= 1.2.2 | — |
| quagga | quagga | >= 0 < 0.99.22.4-3ubuntu1.5 | 0.99.22.4-3ubuntu1.5 |
| quagga | quagga | >= 0 < 0.99.24.1-2ubuntu1.4 | 0.99.24.1-2ubuntu1.4 |
| siemens | ruggedcom_rox_ii_firmware | < 2.13.0 | 2.13.0 |
CVSS provenance
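| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| osv | — | 5.9 | MEDIUM | — |
| vendor_ubuntu | — | 7.1 | HIGH | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |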
GHSA
GHSA-265f-c4jh-jcfq: The Quagga BGP daemon (bgpd) prior to version 1
ghsa_unreviewed·2022-05-13
CVE-2018-5380 [MEDIUM] CWE-125 GHSA-265f-c4jh-jcfq: The Quagga BGP daemon (bgpd) prior to version 1
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
OSV
quagga vulnerabilities
osv·2018-02-16·CVSS 5.9
CVE-2018-5379 [MEDIUM] quagga vulnerabilities
It was discovered that a double-free vulnerability existed in the
Quagga BGP daemon when processing certain forms of UPDATE message.
A remote attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2018-5379)
It was discovered that the Quagga BGP daemon did not properly bounds
check the data sent with a NOTIFY to a peer. An attacker could use this
to expose sensitive information or possibly cause a denial of service.
This issue only affected Ubuntu 17.10. (CVE-2018-5378)
It was discovered that a table overrun vulnerability existed in the
Quagga BGP daemon. An attacker in control of a configured peer could
use this to possibly expose sensitive information or possibly cause
a denial of service. (CVE-2018-5380)
It was discovered
OSV
CVE-2018-5380: The Quagga BGP daemon (bgpd) prior to version 1
osv·2018-02-13·CVSS 4.3
CVE-2018-5380 [MEDIUM] CVE-2018-5380: The Quagga BGP daemon (bgpd) prior to version 1
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
CISA ICS
Siemens RUGGEDCOM ROX II
cisa_ics·2019-04-09·CVSS 7.5
[HIGH] Siemens RUGGEDCOM ROX II
ICS Advisory
Siemens RUGGEDCOM ROX II
Last Revised: April 09, 2019
Alert Code: ICSA-19-099-05
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Siemens
- Equipment: RUGGEDCOM ROX II
- Vulnerabilities: Double Free, Out-of-bounds Read, Uncontrolled Resource Consumption
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in remote code execution and/or a denial-of-service condition.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following RUGGEDCOM product is affected:
- RUGGEDCOM ROX II: All
Ubuntu
Quagga vulnerabilities
vendor_ubuntu·2018-02-16·CVSS 7.1
CVE-2018-5378 [HIGH] Quagga vulnerabilities
Title: Quagga vulnerabilities
Summary: Several security issues were fixed in Quagga.
It was discovered that a double-free vulnerability existed in the
Quagga BGP daemon when processing certain forms of UPDATE message.
A remote attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2018-5379)
It was discovered that the Quagga BGP daemon did not properly bounds
check the data sent with a NOTIFY to a peer. An attacker could use this
to expose sensitive information or possibly cause a denial of service.
This issue only affected Ubuntu 17.10. (CVE-2018-5378)
It was discovered that a table overrun vulnerability existed in the
Quagga BGP daemon. An attacker in control of a configured peer could
use this to possibly expose sensitive information or possibl
Red Hat
quagga: bgpd can overrun internal BGP code-to-string conversion tables potentially allowing crash
vendor_redhat·2018-02-15·CVSS 4.3
CVE-2018-5380 [MEDIUM] CWE-125 quagga: bgpd can overrun internal BGP code-to-string conversion tables potentially allowing crash
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
A vulnerability was found in Quagga, in the log formatting code. Specially crafted messages sent by BGP peers could cause Quagga to read one element past the end of certain static arrays, causing arbitrary binary data to appear in the logs or potentially, a crash.
Statement: Red Hat Product Security has given this vulnerability a rating of Low. We believe the potential for a crash on supported architectures is very small.
Package: quagga (Red Hat Enterprise Linux 5) - Will not fix
Package: quagga (Red Hat Enterprise Linux 6) - Wil
No detection rules found.
No public exploits indexed.
Tenable
Critical Vulnerability in Siemens Spectrum Power (CVE-2019-6579) Patched in Monthly Advisory
blogs_tenable·2019-04-10·CVSS 9.8
[CRITICAL] Critical Vulnerability in Siemens Spectrum Power (CVE-2019-6579) Patched in Monthly Advisory
Bugzilla
CVE-2018-5380 quagga: bgpd can overrun internal BGP code-to-string conversion tables potentially allowing crash [fedora-all]
bugzilla·2018-02-16·CVSS 4.3
CVE-2018-5380 [MEDIUM] CVE-2018-5380 quagga: bgpd can overrun internal BGP code-to-string conversion tables potentially allowing crash [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE:
Bugzilla
CVE-2018-5380 quagga: bgpd can overrun internal BGP code-to-string conversion tables potentially allowing crash
bugzilla·2018-02-07·CVSS 4.3
CVE-2018-5380 [MEDIUM] CVE-2018-5380 quagga: bgpd can overrun internal BGP code-to-string conversion tables potentially allowing crash
The Quagga BGP daemon, bgpd, can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
The impact is thought to be very low. The bgpd daemon likely will continue
running. Warning and debug messages in the logs may contain arbitrary bytes.
The issue can only be triggered by a configured peer, if there is sufficient
transport security.
All versions of quagga are affected.
Discussion:
Acknowledgments:
Name: the Quagga project
---
Created attachment 1392684
Upstream patch
---
External References:
https://www.quagga.net/security/Quagga-2018-1550.txt
---
Statement:
Red Hat Product Security has given this vulnerability a
References
http://savannah.nongnu.org/forum/forum.php?forum_id=9095
http://www.kb.cert.org/vuls/id/940439
https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf
https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1550.txt
https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html
https://security.gentoo.org/glsa/201804-17
https://usn.ubuntu.com/3573-1/
https://www.debian.org/security/2018/dsa-4115