{"id":"ALPINE-CVE-2017-16227","details":"The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.","modified":"2026-03-09T01:05:34.830006Z","published":"2017-10-29T20:29:00.207Z","upstream":["CVE-2017-16227"],"references":[{"type":"ADVISORY","url":"https://security.alpinelinux.org/vuln/CVE-2017-16227"}],"affected":[{"package":{"name":"quagga","ecosystem":"Alpine:v3.3","purl":"pkg:apk/alpine/quagga?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.99.24.1-r6"}]}],"versions":["0.99.11-r10","0.99.11-r4","0.99.11-r5","0.99.11-r6","0.99.11-r7","0.99.11-r8","0.99.11-r9","0.99.12-r0","0.99.13-r0","0.99.13-r1","0.99.13-r2","0.99.15-r0","0.99.15-r1","0.99.15-r2","0.99.15-r3","0.99.15-r4","0.99.16-r0","0.99.17-r0","0.99.18-r0","0.99.18-r1","0.99.20-r0","0.99.20.1-r0","0.99.21-r0","0.99.21-r1","0.99.21-r2","0.99.21-r3","0.99.22-r0","0.99.22-r1","0.99.22.1-r0","0.99.22.1-r1","0.99.22.3-r0","0.99.22.3-r1","0.99.22.3-r2","0.99.22.3-r3","0.99.22.4-r0","0.99.22.4-r1","0.99.22.4-r2","0.99.22.4-r3","0.99.22.4-r4","0.99.22.4-r5","0.99.22.4-r6","0.99.23-r0","0.99.23-r1","0.99.23-r2","0.99.23-r3","0.99.23-r4","0.99.23.1-r0","0.99.23.1-r1","0.99.24.1-r0","0.99.24.1-r1","0.99.24.1-r2","0.99.24.1-r3","0.99.24.1-r4","0.99.24.1-r5"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2017-16227.json"}},{"package":{"name":"quagga","ecosystem":"Alpine:v3.4","purl":"pkg:apk/alpine/quagga?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.20161017-r1"}]}],"versions":["0.99.11-r10","0.99.11-r4","0.99.11-r5","0.99.11-r6","0.99.11-r7","0.99.11-r8","0.99.11-r9","0.99.12-r0","0.99.13-r0","0.99.13-r1","0.99.13-r2","0.99.15-r0","0.99.15-r1","0.99.15-r2","0.99.15-r3","0.99.15-r4","0.99.16-r0","0.99.17-r0","0.99.18-r0","0.99.18-r1","0.99.20-r0","0.99.20.1-r0","0.99.21-r0","0.99.21-r1","0.99.21-r2","0.99.21-r3","0.99.22-r0","0.99.22-r1","0.99.22.1-r0","0.99.22.1-r1","0.99.22.3-r0","0.99.22.3-r1","0.99.22.3-r2","0.99.22.3-r3","0.99.22.4-r0","0.99.22.4-r1","0.99.22.4-r2","0.99.22.4-r3","0.99.22.4-r4","0.99.22.4-r5","0.99.22.4-r6","0.99.23-r0","0.99.23-r1","0.99.23-r2","0.99.23-r3","0.99.23-r4","0.99.23.1-r0","0.99.23.1-r1","0.99.24.1-r0","0.99.24.1-r1","0.99.24.1-r2","0.99.24.1-r3","1.0.20160315-r0","1.0.20160315-r1","1.0.20161017-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2017-16227.json"}},{"package":{"name":"quagga","ecosystem":"Alpine:v3.5","purl":"pkg:apk/alpine/quagga?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.1-r1"}]}],"versions":["0.99.11-r10","0.99.11-r4","0.99.11-r5","0.99.11-r6","0.99.11-r7","0.99.11-r8","0.99.11-r9","0.99.12-r0","0.99.13-r0","0.99.13-r1","0.99.13-r2","0.99.15-r0","0.99.15-r1","0.99.15-r2","0.99.15-r3","0.99.15-r4","0.99.16-r0","0.99.17-r0","0.99.18-r0","0.99.18-r1","0.99.20-r0","0.99.20.1-r0","0.99.21-r0","0.99.21-r1","0.99.21-r2","0.99.21-r3","0.99.22-r0","0.99.22-r1","0.99.22.1-r0","0.99.22.1-r1","0.99.22.3-r0","0.99.22.3-r1","0.99.22.3-r2","0.99.22.3-r3","0.99.22.4-r0","0.99.22.4-r1","0.99.22.4-r2","0.99.22.4-r3","0.99.22.4-r4","0.99.22.4-r5","0.99.22.4-r6","0.99.23-r0","0.99.23-r1","0.99.23-r2","0.99.23-r3","0.99.23-r4","0.99.23.1-r0","0.99.23.1-r1","0.99.24.1-r0","0.99.24.1-r1","0.99.24.1-r2","0.99.24.1-r3","1.0.20160315-r0","1.0.20160315-r1","1.1.0-r0","1.1.1-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2017-16227.json"}},{"package":{"name":"quagga","ecosystem":"Alpine:v3.6","purl":"pkg:apk/alpine/quagga?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.2-r0"}]}],"versions":["0.99.11-r10","0.99.11-r4","0.99.11-r5","0.99.11-r6","0.99.11-r7","0.99.11-r8","0.99.11-r9","0.99.12-r0","0.99.13-r0","0.99.13-r1","0.99.13-r2","0.99.15-r0","0.99.15-r1","0.99.15-r2","0.99.15-r3","0.99.15-r4","0.99.16-r0","0.99.17-r0","0.99.18-r0","0.99.18-r1","0.99.20-r0","0.99.20.1-r0","0.99.21-r0","0.99.21-r1","0.99.21-r2","0.99.21-r3","0.99.22-r0","0.99.22-r1","0.99.22.1-r0","0.99.22.1-r1","0.99.22.3-r0","0.99.22.3-r1","0.99.22.3-r2","0.99.22.3-r3","0.99.22.4-r0","0.99.22.4-r1","0.99.22.4-r2","0.99.22.4-r3","0.99.22.4-r4","0.99.22.4-r5","0.99.22.4-r6","0.99.23-r0","0.99.23-r1","0.99.23-r2","0.99.23-r3","0.99.23-r4","0.99.23.1-r0","0.99.23.1-r1","0.99.24.1-r0","0.99.24.1-r1","0.99.24.1-r2","0.99.24.1-r3","1.0.20160315-r0","1.0.20160315-r1","1.1.0-r0","1.1.1-r0","1.2.0-r0","1.2.1-r0"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2017-16227.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}