Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml