PublicDateAtUSN: 2018-02-13
Candidate: CVE-2018-5380
CRD: 2018-02-13
PublicDate: 2018-02-19 13:29:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5380
 https://www.quagga.net/security/Quagga-2018-1550.txt
 https://ubuntu.com/security/notices/USN-3573-1
Description:
 The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal
 BGP code-to-string conversion tables used for debug by 1 pointer value,
 based on input.
Ubuntu-Description: 
Notes: 
 mdeslaur> this is Quagga-2018-1550
Bugs: 
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L [4.3 MEDIUM]


Patches_quagga:
upstream_quagga: released (1.2.3)
precise/esm_quagga: DNE
trusty_quagga: released (0.99.22.4-3ubuntu1.5)
trusty/esm_quagga: DNE (trusty was released [0.99.22.4-3ubuntu1.5])
xenial_quagga: released (0.99.24.1-2ubuntu1.4)
esm-infra/xenial_quagga: released (0.99.24.1-2ubuntu1.4)
artful_quagga: released (1.1.1-3ubuntu0.2)
devel_quagga: released (1.2.2-1ubuntu1)