CVE-2018-5381

Summary

The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.

Affected Software

VendorProductVersion RangeStatus
Quaggabgpdbpgd < 1.2.3affected

Weaknesses

  • CWE-228: CWE-228: Improper Handling of Syntactically Invalid Structure

ADP Enrichment

CVE Program Container

Additional References

References