The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message.
http://www.ubuntu.com/usn/USN-1605-1
http://www.securityfocus.com/bid/53775
http://www.kb.cert.org/vuls/id/962587
http://www.debian.org/security/2012/dsa-2497