Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service via a Link State Update packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field.