Описание
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 1.1.1-3ubuntu0.1 |
| devel | released | 1.1.1-3ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [0.99.22.4-3ubuntu1.4]] |
| esm-infra/xenial | released | 0.99.24.1-2ubuntu1.3 |
| precise/esm | DNE | |
| trusty | released | 0.99.22.4-3ubuntu1.4 |
| trusty/esm | DNE | trusty was released [0.99.22.4-3ubuntu1.4] |
| upstream | needs-triage | |
| xenial | released | 0.99.24.1-2ubuntu1.3 |
| zesty | released | 1.1.1-1ubuntu0.1 |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 al ...
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.
Уязвимость функции aspath_put пакета программ Quagga операционной системы Debian GNU/Linux, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5 Medium
CVSS2
7.5 High
CVSS3