Intrusion Prevention

Quagga.bgp_attr_parse.BGP.Session.Out.of.Bounds.Read

Description

This indicates an attack attempt to exploit an Out of Bounds Read Vulnerability in Quagga.
The vulnerability is due to an input validation error when handling malformed requests. A remote attacker may be able to exploit this to gain access to sensitive data on the affected system, via a crafted request.

Affected Products

Quagga 1.1.0
Quagga 1.1.1
Quagga 1.2.0
Quagga 1.2.1
Quagga 1.2.2

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor:
https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=cc2e6770697e343f4af534114ab7e633d5beabec

CVE References

CVE-2018-5378