The Quagga BGP daemon bgpd prior to version 1.2.3 may be vulnerable to multiple issues that may result in denial of service, information disclosure, or remote code execution.
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer - CVE-2018-5378 (Quagga-2018-0543)
The Quagga BGP daemon, bgpd, does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or it may crash.
An unauthenticated, remote attacker may be able to use crafted input to result in a crash of bgpd or even allow a remote attacker to gain control of an affected bgpd process.
Apply an update
The Quagga developers thank Alban Browaeys, Balaji Gurudoss, Borg, Scott Leggett and Debian QA Group, Eugene Bogomazov, Evgeny Uskov, Gerrie Roos, Mathieu Jadin, Pier Carlo Chiodi, and Rolf Eike Beer.
This document was written by Garret Wassermann.