Lucene search

K
cvelistMitreCVELIST:CVE-2017-16227
HistoryOct 29, 2017 - 8:00 p.m.

CVE-2017-16227

2017-10-2920:00:00
mitre
www.cve.org
9

AI Score

7.3

Confidence

High

EPSS

0.011

Percentile

84.7%

The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.