Hi Stuart, Fair point. I should have worded that more precisely.
I personally reproduced the issue on BIRD 2.16.2. I have not independently tested every later release. The reason I wrote that no fixed version is currently available is that upstream told me on 2026-05-24 that they currently do not plan to fix the issue, and I have been watching the public BIRD Git commit history since then. As of the disclosure, I had not seen any commit that looked like a fix for the AS_PATH mask matching stack buffer issue. So the more accurate wording is: - tested affected: BIRD 2.16.2 - possibly affected: other BIRD 2.x versions with the same AS_PATH mask matching implementation - fixed version: no public fixed version known to me If there is a fix commit or release that I missed, please point me to it and I will retest/update accordingly. Best, Bakabaka_9 Dan Yefihmov <[email protected]> 于 2026年6月2日周二 23:30写道: > On June 2, 2026 1:56:57 PM GMT+03:00, Stuart Henderson < > [email protected]> wrote: > >On 2026/06/02 10:07, Bakabaka_9 wrote: > >> Tested affected: > >> > >> - BIRD 2.16.2 > >> > >> Possibly affected: > >> > >> - Other BIRD 2.x versions using the same AS_PATH mask matching > >> implementation. > >> > >> Not affected: > >> > >> - Unknown. > >> > >> Fixed version > >> ============= > >> > >> No fixed version is available at the time of this disclosure. > > > >If you've only tried one version from April 2025, how can you can say > >with certainty that it's not been fixed since then? > > > Did you really read the report carefully? It's explicitly written there > that on May 24 the maintainers clearly written they don't currently plan to > fix it! > > > Sincerely Yours, Dan. >
