CVE-2017-16227

Priority
Description
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows
remote attackers to cause a denial of service (session drop) via BGP UPDATE
messages, because AS_PATH size calculation for long paths counts certain
bytes twice and consequently constructs an invalid message.
Assigned-to
mdeslaur
Notes
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was released [0.99.22.4-3ubuntu1.4])
Ubuntu 16.04 LTS (Xenial Xerus): released (0.99.24.1-2ubuntu1.3)
Ubuntu 18.04 LTS (Bionic Beaver): released (1.1.1-3ubuntu1)
Patches:
Upstream: https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008
More Information

Updated: 2019-12-05 18:48:25 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)