Bacon251

**Name of the Vulnerable Software and Affected Versions** GoBGP versions prior to 4.5.0 **Description** An unauthenticated remote BGP peer can cause a fatal panic and complete loss of service availability by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent attribute lengths, it improperly handles the internal state transition to a withdraw action. This leads to a nil pointer dereference—a situation where the software attempts to access a memory location that does not exist—within the `AdjRib.Update()` function. The issue originates from the interaction between the BGP message decoding logic and the Adj-RIB table management, specifically when the `handleUpdate` function processes malformed attributes. **Recommendations** Update to version 4.5.0.

**Name of the Vulnerable Software and Affected Versions** GoBGP versions prior to 4.4.0 **Description** A remote Denial of Service (DoS) issue exists due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to interrupt the message handling flow. This leads to an illegal memory access and a full process crash (panic) instead of simply closing the affected session. The issue is located in the Finite State Machine (FSM) message handling loop within the `recvMessageloop()` function in the `pkg/server/fsm.go` file. **Recommendations** Update to version 4.4.0.

**Name of the Vulnerable Software and Affected Versions** GoBGP versions prior to 4.3.0 **Description** A remote Denial of Service (DoS) issue exists where a malformed BGP UPDATE message can trigger a runtime error resulting in an index out of range panic. This occurs during the processing of 4-byte AS attributes within the `UpdatePathAttrs4ByteAs()` function located in internal/pkg/table/message.go. When a BGP UPDATE message contains both an AS PATH and an AS4 PATH attribute, and the AS4 PATH (Type 17) appears before the AS PATH (Type 2) and is malformed, the software attempts to remove the AS4 PATH from the `msg.PathAttributes` slice. This deletion causes subsequent attributes to shift left, but the function continues to use a stale index to update the AS PATH, leading to a process crash. **Recommendations** Update to version 4.3.0.

**Name of the Vulnerable Software and Affected Versions** GoBGP versions 4.2.0 **Description** An issue allows a remote attacker to cause a denial of service via the NEXT HOP path attribute. The issue resides in the handling of the `NEXT HOP` path attribute within the GoBGP software. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.