Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-43971 | 1 Osrg | 1 Gobgp | 2025-05-08 | N/A | 8.6 HIGH |
| An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen. | |||||
| CVE-2025-43973 | 1 Osrg | 1 Gobgp | 2025-05-08 | N/A | 6.8 MEDIUM |
| An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message. | |||||
| CVE-2025-43972 | 1 Osrg | 1 Gobgp | 2025-05-08 | N/A | 6.8 MEDIUM |
| An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context. | |||||
| CVE-2025-43970 | 1 Osrg | 1 Gobgp | 2025-05-08 | N/A | 4.3 MEDIUM |
| An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family). | |||||