CVE-2017-16227

Priority
Medium
Description
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows
remote attackers to cause a denial of service (session drop) via BGP UPDATE
messages, because AS_PATH size calculation for long paths counts certain
bytes twice and consequently constructs an invalid message.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Ubuntu 17.10 (Artful Aardvark): released (1.1.1-3ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver): released (1.1.1-3ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): released (0.99.22.4-3ubuntu1.4)
Ubuntu 16.04 LTS (Xenial Xerus): released (0.99.24.1-2ubuntu1.3)
Ubuntu 17.04 (Zesty Zapus): released (1.1.1-1ubuntu0.1)
Patches:
Upstream: https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008
More Information

Updated: 2017-11-01 11:14:37 UTC (commit 13620)