The aspath_put function in bgpd/bgp_aspath.c in Quagga prior to 1.2.2 allows remote malicious users to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
quagga quagga |
||
debian debian linux 9.0 |
||
debian debian linux 8.0 |