CVE-2018-5380

Name: CVE-2018-5380
Creator: NVD / NIST
Published: 2018-02-19T13:29:00.473+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 15.00%

Last modified Jun 17, 2026

CVE-2018-5380 is a vulnerability of currently unknown severity. The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.. EPSS estimates a 15.00% chance of exploitation in the next 30 days.

Description

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.

Metrics

EPSS Probability

15.00%

96.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Quagga	Quagga	<= 1.2.2
Debian	Debian Linux	7.0
Debian	Debian Linux	8.0
Debian	Debian Linux	9.0
Canonical	Ubuntu Linux	14.04
Canonical	Ubuntu Linux	16.04
Canonical	Ubuntu Linux	17.10
Siemens	Ruggedcom Rox Ii Firmware	< 2.13.0

References

http://savannah.nongnu.org/forum/forum.php?forum_id=9095Third Party Advisory
http://www.kb.cert.org/vuls/id/940439Third Party Advisory, US Government Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdfThird Party Advisory
https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1550.txtVendor Advisory
https://lists.debian.org/debian-lts-announce/2018/02/msg00021.htmlMailing List, Third Party Advisory
https://security.gentoo.org/glsa/201804-17Third Party Advisory
https://usn.ubuntu.com/3573-1/Third Party Advisory
https://www.debian.org/security/2018/dsa-4115Third Party Advisory
http://savannah.nongnu.org/forum/forum.php?forum_id=9095Third Party Advisory
http://www.kb.cert.org/vuls/id/940439Third Party Advisory, US Government Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdfThird Party Advisory
https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1550.txtVendor Advisory
https://lists.debian.org/debian-lts-announce/2018/02/msg00021.htmlMailing List, Third Party Advisory
https://security.gentoo.org/glsa/201804-17Third Party Advisory
https://usn.ubuntu.com/3573-1/Third Party Advisory
https://www.debian.org/security/2018/dsa-4115Third Party Advisory

Timeline

Published: Feb 19, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-5380?

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.

How severe is CVE-2018-5380?

Severity scoring for CVE-2018-5380 is pending analysis. The EPSS model estimates a 15.00% probability of exploitation in the next 30 days.

How do I fix CVE-2018-5380?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-5380?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST