Описание
An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 3.35.0-1 |
| esm-apps/bionic | released | 1.29-1ubuntu0.1+esm1 |
| esm-apps/focal | released | 2.12.0-1ubuntu0.1~esm2 |
| esm-apps/jammy | released | 2.25.0-3ubuntu0.1+esm2 |
| esm-apps/noble | released | 3.23.0-1ubuntu0.3+esm2 |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needed | |
| noble | needed | |
| oracular | ignored | end of life, was needed |
| plucky | not-affected | 3.35.0-1 |
Показывать по
EPSS
4.3 Medium
CVSS3
Связанные уязвимости
An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).
An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go ...
Уязвимость компонента pkg/packet/mrt/mrt.go реализации протокола BGP (Border Gateway Protocol) GoBGP, позволяющая нарушителю выполнить произвольный код
EPSS
4.3 Medium
CVSS3