Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2017-16227

Published: 29/10/2017 Updated: 18/11/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Quagga

Vulnerability Summary

The aspath_put function in bgpd/bgp_aspath.c in Quagga prior to 1.2.2 allows remote malicious users to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.

Vulnerable Product Search on Vulmon Subscribe to Product

quagga quagga

debian debian linux 9.0

debian debian linux 8.0

Vendor Advisories

Debian CVElist Bug Report Logs: quagga-bgpd: CVE-2017-16227: BGP session termination due to rather long AS paths in update messages
Debian Bug report logs - #879474 quagga-bgpd: CVE-2017-16227: BGP session termination due to rather long AS paths in update messages Package: quagga-bgpd; Maintainer for quagga-bgpd is Brett Parker <iDunno@sommitrealweirdcouk>; Source for quagga-bgpd is src:quagga (PTS, buildd, popcon) Reported by: Christoph Biedl <debi ...
Ubuntu Security Notice: quagga vulnerabilities
Several security issues were fixed in Quagga ...
Debian Security Advisories: DSA-4011-1 quagga -- security update
It was discovered that the bgpd daemon in the Quagga routing suite does not properly calculate the length of multi-segment AS_PATH UPDATE messages, causing bgpd to drop a session and potentially resulting in loss of network connectivity For the oldstable distribution (jessie), this problem has been fixed in version 099231-1+deb8u4 For the stab ...
Arch Linux Issues:
A denial of service flaw was found in the way the bgpd daemon in quagga before 122 handled the processing of large BGP update messages A remote, previously trusted attacker could potentially use this flaw to cause bgpd to terminate existing BGP sessions, thereby leading to denial of service ...

References

CWE-20https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.htmlhttps://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008https://bugs.debian.org/879474http://download.savannah.gnu.org/releases/quagga/quagga-1.2.2.changelog.txthttp://www.debian.org/security/2017/dsa-4011https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879474https://usn.ubuntu.com/3471-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTICVE-2024-35863CVE-2024-35910man-in-the-middleCVE-2024-35912CVE-2024-25742LFICVE-2024-32002CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook