
We found results for “”
CVE-2025-43970
Good to know:

Date: April 20, 2025
An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).
Severity Score
Related Resources (7)
Severity Score
Weakness Type (CWE)
Improper Validation of Specified Quantity in Input
CWE-1284Top Fix

Upgrade Version
Upgrade to version github.com/osrg/gobgp/v3 - v3.35.0;https://github.com/osrg/gobgp.git - v3.35.0
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | CHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | LOW |