Описание
An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| gobgp | fixed | 3.35.0-1 | package | |
| gobgp | postponed | bullseye | package |
Примечания
Fixed by: https://github.com/osrg/gobgp/commit/5693c58a4815cc6327b8d3b6980f0e5aced28abe (v3.35.0)
EPSS
Процентиль: 19%
0.00061
Низкий
Связанные уязвимости
CVSS3: 6.8
ubuntu
2 месяца назад
An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.
CVSS3: 6.8
nvd
2 месяца назад
An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.
EPSS
Процентиль: 19%
0.00061
Низкий