[3.3] quagga: remote denial of service via BGP UPDATE messages (CVE-2017-16227)
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2
allows remote attackers to cause a denial of service (session drop)
via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.
(from redmine: issue id 8086, created on 2017-10-31, closed on 2017-11-23)
- parent #8082 (closed)
- Revision 6e3ecd37 by Natanael Copa on 2017-11-23T09:27:23Z:
main/quagga: fix CVE-2017-16227 fixes #8086