A vulnerability was found in Quagga, in the log formatting code. Specially crafted messages sent by BGP peers could cause Quagga to read one element past the end of certain static arrays, causing arbitrary binary data to appear in the logs or potentially, a crash.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | quagga | 2018-02-20 21:26 | ALAS-2018-957 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 4.3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
NVD | CVSSv2 | 4.0 | AV:N/AC:L/Au:S/C:N/I:N/A:P |
NVD | CVSSv3 | 4.3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |