quagga is vulnerable to denial of service. The aspath_put
function in bgpd/bgp_aspath.c
allows remote attackers to cause session drop via malicious BGP UPDATE messages as AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.