Go modules package
github.com/osrg/gobgp/v3
pkg:golang/github.com/osrg/gobgp/v3
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-43973 | — | < 3.35.0 | 3.35.0 | Apr 21, 2025 | An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message. | ||
| CVE-2025-43972 | — | < 3.35.0 | 3.35.0 | Apr 21, 2025 | An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context. | ||
| CVE-2025-43971 | — | >= 3.11.0, < 3.35.0 | 3.35.0 | Apr 21, 2025 | An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen. | ||
| CVE-2025-43970 | — | < 3.35.0 | 3.35.0 | Apr 21, 2025 | An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family). | ||
| CVE-2023-46565 | Hig | 7.5 | <= 3.20.0 | — | Apr 29, 2024 | Buffer Overflow vulnerability in osrg gobgp commit 419c50dfac578daa4d11256904d0dc182f1a9b22 allows a remote attacker to cause a denial of service via the handlingError function in pkg/server/fsm.go. |
- CVE-2025-43973Apr 21, 2025affected < 3.35.0fixed 3.35.0
An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.
- CVE-2025-43972Apr 21, 2025affected < 3.35.0fixed 3.35.0
An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.
- CVE-2025-43971Apr 21, 2025affected >= 3.11.0, < 3.35.0fixed 3.35.0
An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.
- CVE-2025-43970Apr 21, 2025affected < 3.35.0fixed 3.35.0
An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).
- affected <= 3.20.0
Buffer Overflow vulnerability in osrg gobgp commit 419c50dfac578daa4d11256904d0dc182f1a9b22 allows a remote attacker to cause a denial of service via the handlingError function in pkg/server/fsm.go.