CVE-2025-43972

Medium CVSS: 6.8

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.

Vendor

Osrg

Product

Gobgp

CWE

CWE-1284

Yayın Tarihi

2025-04-21 01:15:45

Güncelleme

2025-05-08 15:54:12

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-1284 Gobgp MEDIUM Osrg 2025

Referanslar

https://github.com/osrg/gobgp/commit/ca7383f450f7b296c5389feceef2467de5ab6e5a https://github.com/osrg/gobgp/compare/v3.34.0...v3.35.0

Benzer Kayıtlar

Medium

CVE-2026-5124

A security vulnerability has been detected in osrg GoBGP up to 4.3.0. Affected is the function BGPHeader.DecodeFromBytes…

Medium

CVE-2026-5123

A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/pack…

High

CVE-2026-30405

An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute

Medium

CVE-2025-43970

An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by…

High

CVE-2025-43971

An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value…

Medium

CVE-2025-43973

An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds…