4.3
CVE-2018-5380
- EPSS 15.11%
- Veröffentlicht 19.02.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 04:08:42
- Quelle cret@cert.org
- CVE-Watchlists
- Unerledigt
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version7.0
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version17.10
Siemens ≫ Ruggedcom Rox Ii Firmware Version < 2.13.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 15.11% | 0.963 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:N/A:P
|
| cret@cert.org | 4.3 | 2.8 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
http://savannah.nongnu.org/forum/forum.php?forum_id=9095
http://www.kb.cert.org/vuls/id/940439
https://security.gentoo.org/glsa/201804-17
https://usn.ubuntu.com/3573-1/
https://www.debian.org/security/2018/dsa-4115
https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf
https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html
https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1550.txt