CVE-2018-5381

Published: 15 Feb. 2018
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.

An infinite loop vulnerability was discovered in Quagga. A BGP peer could send specially crafted packets that would cause the daemon to enter an infinite loop, denying service and consuming CPU until it is restarted.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | quagga | Will not fix | | |
| Red Hat Enterprise Linux 6 | quagga | Will not fix | | |
| Red Hat Enterprise Linux 7 | quagga | Will not fix | | |
| Red Hat Enterprise Linux 8 | quagga | Not affected | | |


Additional information

Status: Moderate
Defect: CWE-228->CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=1542992 quagga: Infinite loop issue triggered by invalid OPEN message allows denial-of-service

EPSS

Percentile: 89%
0.04351
Low

CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 6.5
ubuntu
almost 8 years ago

The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.

CVSS3: 6.5
nvd
almost 8 years ago

The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.

CVSS3: 6.5
debian
almost 8 years ago

The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its p ...

CVSS3: 7.5
github
more than 3 years ago

The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.

suse-cvrf
almost 8 years ago

Security update for quagga
