9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.122 Low
EPSS
Percentile
95.3%
Issue Overview:
Infinite loop issue triggered by invalid OPEN message allows denial-of-service
An infinite loop vulnerability was discovered in Quagga. A BGP peer could send specially crafted packets that would cause the daemon to enter an infinite loop, denying service and consuming CPU until it is restarted.(CVE-2018-5381)
Double free vulnerability in bgpd when processing certain forms of UPDATE message allowing to crash or potentially execute arbitrary code
A double-free vulnerability was found in Quagga. A BGP peer could send a specially crafted UPDATE message which would cause allocated blocks of memory to be free()d more than once, potentially leading to a crash or other issues.(CVE-2018-5379)
bgpd can overrun internal BGP code-to-string conversion tables potentially allowing crash
A vulnerability was found in Quagga, in the log formatting code. Specially crafted messages sent by BGP peers could cause Quagga to read one element past the end of certain static arrays, causing arbitrary binary data to appear in the logs or potentially, a crash.(CVE-2018-5380)
Affected Packages:
quagga
Issue Correction:
Run yum update quagga to update your system.
New Packages:
i686:
quagga-devel-0.99.22.4-4.17.amzn1.i686
quagga-0.99.22.4-4.17.amzn1.i686
quagga-debuginfo-0.99.22.4-4.17.amzn1.i686
quagga-contrib-0.99.22.4-4.17.amzn1.i686
src:
quagga-0.99.22.4-4.17.amzn1.src
x86_64:
quagga-devel-0.99.22.4-4.17.amzn1.x86_64
quagga-debuginfo-0.99.22.4-4.17.amzn1.x86_64
quagga-0.99.22.4-4.17.amzn1.x86_64
quagga-contrib-0.99.22.4-4.17.amzn1.x86_64
Red Hat: CVE-2018-5379, CVE-2018-5380, CVE-2018-5381
Mitre: CVE-2018-5379, CVE-2018-5380, CVE-2018-5381
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | quagga-devel | < 0.99.22.4-4.17.amzn1 | quagga-devel-0.99.22.4-4.17.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | quagga | < 0.99.22.4-4.17.amzn1 | quagga-0.99.22.4-4.17.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | quagga-debuginfo | < 0.99.22.4-4.17.amzn1 | quagga-debuginfo-0.99.22.4-4.17.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | quagga-contrib | < 0.99.22.4-4.17.amzn1 | quagga-contrib-0.99.22.4-4.17.amzn1.i686.rpm |
Amazon Linux | 1 | x86_64 | quagga-devel | < 0.99.22.4-4.17.amzn1 | quagga-devel-0.99.22.4-4.17.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | quagga-debuginfo | < 0.99.22.4-4.17.amzn1 | quagga-debuginfo-0.99.22.4-4.17.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | quagga | < 0.99.22.4-4.17.amzn1 | quagga-0.99.22.4-4.17.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | quagga-contrib | < 0.99.22.4-4.17.amzn1 | quagga-contrib-0.99.22.4-4.17.amzn1.x86_64.rpm |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.122 Low
EPSS
Percentile
95.3%