A stack buffer overflow flaw was found in the way Quagga's bgpd
daemon processed Route-Refresh messages. A configured
Border Gateway Protocol (BGP) peer could send a
Route-Refresh message with specially-crafted Outbound
Route Filtering (ORF) record, which would cause the
master BGP daemon (bgpd) to crash or, possibly, execute
arbitrary code with the privileges of the user running
bgpd.
A NULL pointer dereference flaw was found in the way
Quagga's bgpd daemon parsed paths of autonomous systems
(AS). A configured BGP peer could send a BGP update AS
path request with unknown AS type, which could lead to
denial of service (bgpd daemon crash).