CVE-2025-43972

Опубликовано: 21 апр. 2025

Источник: nvd

CVSS3: 6.8

CVSS3: 7.5

EPSS Низкий

Описание

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.

Ссылки

https://github.com/osrg/gobgp/commit/ca7383f450f7b296c5389feceef2467de5ab6e5a
Patch
https://github.com/osrg/gobgp/compare/v3.34.0...v3.35.0
Patch
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:osrg:gobgp:*:*:*:*:*:*:*:*

Версия до 3.35.0 (исключая)

EPSS

Процентиль: 24%

0.00076

Низкий

6.8 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-1284

Связанные уязвимости

CVE-2025-43972

CVSS3: 6.8

ubuntu

2 месяца назад

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.

CVE-2025-43972

CVSS3: 6.8

debian

2 месяца назад

An issue was discovered in GoBGP before 3.35.0. An attacker can cause ...

GHSA-mfvv-mgf6-q25r

CVSS3: 6.8

github

2 месяца назад

GoBGP crashes in the flowspec parser

EPSS

Процентиль: 24%

0.00076

Низкий

6.8 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-1284