Описание
An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| gobgp | fixed | 3.35.0-1 | package | |
| gobgp | postponed | bullseye | package |
Примечания
Fixed by: https://github.com/osrg/gobgp/commit/ca7383f450f7b296c5389feceef2467de5ab6e5a (v3.35.0)
EPSS
Процентиль: 24%
0.00076
Низкий
Связанные уязвимости
CVSS3: 6.8
ubuntu
2 месяца назад
An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.
CVSS3: 6.8
nvd
2 месяца назад
An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.
EPSS
Процентиль: 24%
0.00076
Низкий