GHSA-mfvv-mgf6-q25r

Опубликовано: 21 апр. 2025

Источник: github

Github: Прошло ревью

CVSS3: 6.8

Описание

GoBGP crashes in the flowspec parser

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.

Ссылки

Пакеты

Наименование

github.com/osrg/gobgp

Затронутые версииВерсия исправления

Отсутствует

Наименование

github.com/osrg/gobgp/v3

Затронутые версииВерсия исправления

< 3.35.0

3.35.0

EPSS

Процентиль: 24%

0.00076

Низкий

6.8 Medium

CVSS3

CVE ID

CVE-2025-43972

Дефекты

CWE-1284

Связанные уязвимости

CVE-2025-43972

CVSS3: 6.8

ubuntu

2 месяца назад

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.

CVE-2025-43972

CVSS3: 6.8

nvd

2 месяца назад

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.

CVE-2025-43972

CVSS3: 6.8

debian

2 месяца назад

An issue was discovered in GoBGP before 3.35.0. An attacker can cause ...

EPSS

Процентиль: 24%

0.00076

Низкий

6.8 Medium

CVSS3

CVE ID

CVE-2025-43972

Дефекты

CWE-1284