Base Score

MEDIUM4.3

CVE-2018-5380

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.

VectorNETWORK

Published Bycret@cert.org

Published DateFeb 19, 2018, 13:29

Weakness Type (CWE):CWE-125

CVSS Metrics

Base Score

4.3

Vector String

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

LOW

References

http://savannah.nongnu.org/forum/forum.php?forum_id=9095
http://www.kb.cert.org/vuls/id/940439
https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf
https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1550.txt
https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html
https://security.gentoo.org/glsa/201804-17
https://usn.ubuntu.com/3573-1/
https://www.debian.org/security/2018/dsa-4115

Base Score

MEDIUM4.3

Weakness Type (CWE):CWE-125

CVSS Metrics

Base Score

4.3

Vector String

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

LOW