GoBGP has an Improper Resource Shutdown or Release

A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefixsid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from...

PT-2023-10174 · Nanopb · Nanopb

Name of the Vulnerable Software and Affected Versions: Nanopb versions prior to 0.3.1 Description: The issue allows size t overflows in pb dec bytes and pb dec string. Recommendations: For versions prior to 0.3.1, update to version 0.3.1 or later to resolve the issue...