CVE-2018-5379

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.

Weakness

The product calls free() twice on the same memory address.

Affected Software

Name	Vendor	Start Version	End Version
Quagga	Quagga	*	1.2.2 (including)
Red Hat Enterprise Linux 7	RedHat	quagga-0:0.99.22.4-5.el7_4	*
Quagga	Ubuntu	artful	*
Quagga	Ubuntu	devel	*
Quagga	Ubuntu	esm-infra/xenial	*
Quagga	Ubuntu	trusty	*
Quagga	Ubuntu	upstream	*
Quagga	Ubuntu	xenial	*

Potential Mitigations

References

http://savannah.nongnu.org/forum/forum.php?forum_id=9095
http://www.kb.cert.org/vuls/id/940439
http://www.securityfocus.com/bid/103105
https://access.redhat.com/errata/RHSA-2018:0377
https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf
https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt
https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html
https://security.gentoo.org/glsa/201804-17
https://usn.ubuntu.com/3573-1/
https://www.debian.org/security/2018/dsa-4115
http://savannah.nongnu.org/forum/forum.php?forum_id=9095
http://www.kb.cert.org/vuls/id/940439
http://www.securityfocus.com/bid/103105
https://access.redhat.com/errata/RHSA-2018:0377
https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf
https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt
https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html
https://security.gentoo.org/glsa/201804-17
https://usn.ubuntu.com/3573-1/
https://www.debian.org/security/2018/dsa-4115

NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-5379
CWE	https://cwe.mitre.org/data/definitions/415.html

Double Free

Weakness

Affected Software

Potential Mitigations

References