Osrg

Gobgp

6 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.05%
  • Published 12.07.2025 06:32:06
  • Last modified 15.07.2025 13:14:49

A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. Affected is the function SplitRTR of the file pkg/packet/rtr/rtr.go. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The ...

  • EPSS 0.09%
  • Published 21.04.2025 00:00:00
  • Last modified 08.05.2025 15:45:51

An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).

  • EPSS 0.12%
  • Published 21.04.2025 00:00:00
  • Last modified 08.05.2025 15:57:42

An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.

  • EPSS 0.09%
  • Published 21.04.2025 00:00:00
  • Last modified 08.05.2025 15:54:12

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.

  • EPSS 0.11%
  • Published 21.04.2025 00:00:00
  • Last modified 08.05.2025 15:57:33

An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.

  • EPSS 0.26%
  • Published 29.04.2024 20:15:08
  • Last modified 21.11.2024 08:28:46

Buffer Overflow vulnerability in osrg gobgp commit 419c50dfac578daa4d11256904d0dc182f1a9b22 allows a remote attacker to cause a denial of service via the handlingError function in pkg/server/fsm.go.