Описание
An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| gobgp | fixed | 3.35.0-1 | package | |
| gobgp | no-dsa | bookworm | package | |
| gobgp | postponed | bullseye | package |
Примечания
Fixed by: https://github.com/osrg/gobgp/commit/5693c58a4815cc6327b8d3b6980f0e5aced28abe (v3.35.0)
EPSS
Связанные уязвимости
An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.
An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.
Уязвимость компонента pkg/packet/rtr/rtr.go реализации протокола BGP (Border Gateway Protocol) GoBGP, позволяющая нарушителю выполнить произвольный код
EPSS