Описание
GoBGP does not verify that the input length
An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.
Пакеты
Наименование
github.com/osrg/gobgp
go
Затронутые версииВерсия исправления
Отсутствует
Наименование
github.com/osrg/gobgp/v3
go
Затронутые версииВерсия исправления
< 3.35.0
3.35.0
Связанные уязвимости
CVSS3: 6.8
ubuntu
2 месяца назад
An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.
CVSS3: 6.8
nvd
2 месяца назад
An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.
CVSS3: 6.8
debian
2 месяца назад
An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go ...