Denis Ovsienko

**Name of the Vulnerable Software and Affected Versions** Quagga versions prior to 0.99.22.4 Quagga version 0.99.15 **Description** The issue affects the Quagga package, allowing remote attackers to exploit multiple vulnerabilities, potentially leading to disruption of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely. Specifically, the `bgp capability orf` function in `bgpd` in Quagga 0.99.20.1 and earlier is vulnerable to a denial of service (assertion failure and daemon exit) by sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message, leveraging a BGP peering relationship. **Recommendations** For Quagga versions prior to 0.99.22.4, update to version 0.99.22.4 or later to resolve the issue. For Quagga version 0.99.15, consider disabling the `bgp capability orf` function as a temporary workaround until a patch is available. Restrict access to the Quagga package to minimize the risk of exploitation.