Gobgp Security Vulnerabilities and Issues — Gobgp CVE List

Lucene search

OsrgGobgp

5 matches found

CVE•added 2025/04/21 1:15 a.m.•190 views

CVE-2025-43973

An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.

9.8CVSS6.5AI score0.00023EPSS

CVE•added 2025/04/21 1:15 a.m.•157 views

CVE-2025-43971

An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.

8.6CVSS6.5AI score0.00019EPSS

CVE•added 2025/04/21 1:15 a.m.•156 views

CVE-2025-43972

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.

7.5CVSS6.6AI score0.00028EPSS

CVE•added 2025/04/21 1:15 a.m.•149 views

CVE-2025-43970

An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).

5.3CVSS4.6AI score0.00022EPSS

CVE•added 2025/07/12 7:15 a.m.•9 views

CVE-2025-7464

A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. Affected is the function SplitRTR of the file pkg/packet/rtr/rtr.go. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The complexity of an attack is rather high. The explo...

6.3CVSS4.3AI score0.00051EPSS