### [CVE-2018-5379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5379)
![](https://img.shields.io/static/v1?label=Product&message=bgpd&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=bpgd1.2.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-415%3A%20Double%20Free&color=brighgreen)

### Description

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.

### POC

#### Reference
- http://www.kb.cert.org/vuls/id/940439
- http://www.kb.cert.org/vuls/id/940439

#### Github
- https://github.com/ARPSyndicate/cvemon