High severity (7.5) · NVD Advisory · Published Oct 29, 2017 · Updated Jun 17, 2026
CVE-2017-16227
Description
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.
Affected products
- cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:* range: <=1.2.1
- (no CPE) range: <1.2.2
- osv-coords, 18 versions:
  - pkg:rpm/opensuse/quagga&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3
  - pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS
  - pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA
  - pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
  - pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS
  - pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2
  - pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
  - pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS
  - pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2
  - pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
  - pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
  - pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
  - pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
  - pkg:rpm/suse/quagga&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
  - pkg:rpm/suse/quagga&distro=SUSE%20OpenStack%20Cloud%206
- (no CPE) range: < 1.2.4-2.14
- (no CPE) range: < 0.99.15-0.30.3.1
- (no CPE) range: < 0.99.15-0.30.3.1
- (no CPE) range: < 0.99.15-0.30.3.1
- (no CPE) range: < 0.99.15-0.30.3.1
- (no CPE) range: < 0.99.22.1-16.4.1
- (no CPE) range: < 1.1.1-17.7.1
- (no CPE) range: < 1.1.1-17.7.1
- (no CPE) range: < 0.99.22.1-16.4.1
- (no CPE) range: < 1.1.1-17.7.1
- (no CPE) range: < 0.99.15-0.30.3.1
- (no CPE) range: < 0.99.22.1-16.4.1
- (no CPE) range: < 1.1.1-17.7.1
- (no CPE) range: < 1.1.1-17.7.1
- (no CPE) range: < 0.99.15-0.30.3.1
- (no CPE) range: < 1.1.1-17.7.1
- (no CPE) range: < 1.1.1-17.7.1
- (no CPE) range: < 0.99.22.1-16.4.1
References
- bugs.debian.org/879474 (nvd: Issue Tracking, Patch, Third Party Advisory)
- git.savannah.gnu.org/cgit/quagga.git/commit/ (nvd: Issue Tracking, Patch, Third Party Advisory)
- lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html (nvd: Issue Tracking, Patch, Third Party Advisory)
- download.savannah.gnu.org/releases/quagga/quagga-1.2.2.changelog.txt (nvd: Issue Tracking, Third Party Advisory)
- www.debian.org/security/2017/dsa-4011 (nvd: Issue Tracking, Third Party Advisory)