The Quagga BGP daemon, bgpd, does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or it may crash.
Affected versions: 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2
Name: the Quagga project
Created attachment 1392686 [details]
This vulnerability affects Quagga versions after 1.1.0. Versions 0.99.x, included with Red Hat Enterprise Linux, are not affected by this issue.
Created quagga tracking bugs for this issue:
Affects: fedora-all [bug 1546009]