CVE-2017-16227
published 2017-10-29CVE-2017-16227: The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE…
PriorityP343high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
18.79%
96.9th percentile
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| quagga | quagga | <= 1.2.1 | — |
| quagga | quagga | >= 0 < 0.99.24.1-r6 | 0.99.24.1-r6 |
| quagga | quagga | >= 0 < 1.0.20161017-r1 | 1.0.20161017-r1 |
| quagga | quagga | >= 0 < 1.1.1-r1 | 1.1.1-r1 |
| quagga | quagga | >= 0 < 1.2.2-r0 | 1.2.2-r0 |
| quagga | quagga | >= 0 < 0.99.22.4-3ubuntu1.4 | 0.99.22.4-3ubuntu1.4 |
| quagga | quagga | >= 0 < 0.99.24.1-2ubuntu1.3 | 0.99.24.1-2ubuntu1.3 |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.5HIGH
vendor_redhat7.5HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Quagga vulnerabilities
vendor_ubuntu·2017-10-31·CVSS 7.5
CVE-2017-16227 [HIGH] Quagga vulnerabilities
Title: Quagga vulnerabilities
Summary: Several security issues were fixed in Quagga.
Andreas Jaggi discovered that Quagga incorrectly handled certain BGP UPDATE
messages. A remote attacker could possibly use this issue to cause Quagga
to crash, resulting in a denial of service. (CVE-2017-16227)
Quentin Young discovered that Quagga incorrectly handled memory in the
telnet vty CLI. An attacker able to connect to the telnet interface could
possibly use this issue to cause Quagga to consume memory, resulting in a
denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu
16.04 LTS. (CVE-2017-5495)
Instructions: After a standard system update you need to restart Quagga to make all the
necessary changes.
Red Hat
quagga: Incorrect AS_PATH size calculation for long paths
vendor_redhat·2017-10-02·CVSS 7.5
CVE-2017-16227 [HIGH] CWE-682 quagga: Incorrect AS_PATH size calculation for long paths
quagga: Incorrect AS_PATH size calculation for long paths
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.
A denial of service flaw was found in the way the bgpd daemon in Quagga handled the processing of large BGP update messages. A remote, previously trusted attacker could potentially use this flaw to cause bgpd to terminate existing BGP sessions, thereby leading to denial of service.
Package: quagga (Red Hat Enterprise Linux 5) - Not affected
Package: quagga (Red Hat Enterprise Linux 6) - Will not fix
Package: quagga (Red Hat Enterprise Linux 7) - Wil
GHSA
GHSA-8c9w-x87p-jr8v: The aspath_put function in bgpd/bgp_aspath
ghsa_unreviewed·2022-05-17
CVE-2017-16227 [HIGH] CWE-20 GHSA-8c9w-x87p-jr8v: The aspath_put function in bgpd/bgp_aspath
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.
OSV
quagga vulnerabilities
osv·2017-10-31·CVSS 7.5
CVE-2017-16227 [HIGH] quagga vulnerabilities
quagga vulnerabilities
Andreas Jaggi discovered that Quagga incorrectly handled certain BGP UPDATE
messages. A remote attacker could possibly use this issue to cause Quagga
to crash, resulting in a denial of service. (CVE-2017-16227)
Quentin Young discovered that Quagga incorrectly handled memory in the
telnet vty CLI. An attacker able to connect to the telnet interface could
possibly use this issue to cause Quagga to consume memory, resulting in a
denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu
16.04 LTS. (CVE-2017-5495)
OSV
CVE-2017-16227: The aspath_put function in bgpd/bgp_aspath
osv·2017-10-29·CVSS 7.5
CVE-2017-16227 [HIGH] CVE-2017-16227: The aspath_put function in bgpd/bgp_aspath
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-16227 quagga: Incorrect AS_PATH size calculation for long paths
bugzilla·2017-11-03·CVSS 7.5
CVE-2017-16227 [HIGH] CVE-2017-16227 quagga: Incorrect AS_PATH size calculation for long paths
CVE-2017-16227 quagga: Incorrect AS_PATH size calculation for long paths
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.
Affected versions: 0.99.10 - 0.99.24.1, 1.0.*, 1.1.0, 1.1.1, 1.2.0, 1.2.1
Upstream patch:
https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008
Reference:
https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html
Discussion:
Created quagga tracking bugs for this issue:
Affects: fedora-all [bug 1509292]
Bugzilla
CVE-2017-16227 quagga: Incorrect AS_PATH size calculation for long paths [fedora-all]
bugzilla·2017-11-03·CVSS 7.5
CVE-2017-16227 [HIGH] CVE-2017-16227 quagga: Incorrect AS_PATH size calculation for long paths [fedora-all]
CVE-2017-16227 quagga: Incorrect AS_PATH size calculation for long paths [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported
http://download.savannah.gnu.org/releases/quagga/quagga-1.2.2.changelog.txthttp://www.debian.org/security/2017/dsa-4011https://bugs.debian.org/879474https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.htmlhttp://download.savannah.gnu.org/releases/quagga/quagga-1.2.2.changelog.txthttp://www.debian.org/security/2017/dsa-4011https://bugs.debian.org/879474https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html
2017-10-29
Published