CVE-2025-43971

High CVSS: 8.6

An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.

Vendor

Product

CWE

Yayın Tarihi

2025-04-21 01:15:45

Güncelleme

2025-05-08 15:57:42

Source Identifier

cve@mitre.org

KEV Date Added

CWE-193 Gobgp HIGH Osrg 2025

https://github.com/osrg/gobgp/commit/08a001e06d90e8bcc190084c66992f46f62c0986 https://github.com/osrg/gobgp/compare/v3.34.0...v3.35.0

Medium

CVE-2026-5124

A security vulnerability has been detected in osrg GoBGP up to 4.3.0. Affected is the function BGPHeader.DecodeFromBytes…

Medium

CVE-2026-5123

A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/pack…

High

CVE-2026-30405

An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute

Medium

CVE-2025-43970

An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by…

Medium

CVE-2025-43972

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec pars…

Medium

CVE-2025-43973

An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds…