CVE-2017-16227 (retired)

Priority
Description
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows
remote attackers to cause a denial of service (session drop) via BGP UPDATE
messages, because AS_PATH size calculation for long paths counts certain
bytes twice and consequently constructs an invalid message.
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (0.99.22.4-3ubuntu1.4)
Ubuntu 16.04 LTS (Xenial Xerus):released (0.99.24.1-2ubuntu1.3)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.1.1-3ubuntu1)
Patches:
Upstream:https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008
More Information

Updated: 2019-03-26 12:25:17 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)