| Max CVSS | 7.5 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-5378 | 4.9 |
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may c
|
09-10-2019 - 23:41 | 19-02-2018 - 13:29 | |
| CVE-2018-5381 | 5.0 |
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Proto
|
09-10-2019 - 23:41 | 19-02-2018 - 13:29 | |
| CVE-2018-5380 | 4.0 |
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
|
09-10-2019 - 23:41 | 19-02-2018 - 13:29 | |
| CVE-2018-5379 | 7.5 |
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an
|
09-10-2019 - 23:41 | 19-02-2018 - 13:29 |