CVE-2025-43973

Medium CVSS: 6.8

An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.

Vendor

Osrg

Product

Gobgp

CWE

CWE-193

Yayın Tarihi

2025-04-21 01:15:45

Güncelleme

2025-05-08 15:57:33

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-193 Gobgp MEDIUM Osrg 2025

Referanslar

https://github.com/osrg/gobgp/commit/5693c58a4815cc6327b8d3b6980f0e5aced28abe https://github.com/osrg/gobgp/compare/v3.34.0...v3.35.0

Benzer Kayıtlar

Medium

CVE-2026-5124

A security vulnerability has been detected in osrg GoBGP up to 4.3.0. Affected is the function BGPHeader.DecodeFromBytes…

Medium

CVE-2026-5123

A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/pack…

High

CVE-2026-30405

An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute

Medium

CVE-2025-43970

An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by…

High

CVE-2025-43971

An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value…

Medium

CVE-2025-43972

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec pars…