Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:25219
HistoryMay 10, 2020 - 11:20 p.m.

Denial Of Service (DoS)

2020-05-1023:20:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
18
quagga
vulnerability
denial of service
bgp
update
aspath_put
function

EPSS

0.011

Percentile

84.7%

quagga is vulnerable to denial of service. The aspath_put function in bgpd/bgp_aspath.c allows remote attackers to cause session drop via malicious BGP UPDATE messages as AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.