Sunxj

**Name of the Vulnerable Software and Affected Versions** osrg GoBGP versions prior to 4.4.0 **Description** A remote attack can be launched against the `parseRibEntry()` function in the pkg/packet/mrt/mrt.go file, which may lead to an integer underflow. Integer underflow occurs when an arithmetic operation attempts to create a numeric value smaller than the minimum value the variable can store. **Recommendations** Update to version 4.4.0. As a temporary workaround, restrict access to the `parseRibEntry()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** osrg GoBGP versions prior to 4.4.0 **Description** A remote out-of-bounds read can occur within the BMP Parser component. The issue exists in the `BMPPeerUpNotification.ParseBody` and `BMPStatisticsReport.ParseBody` functions located in the `pkg/packet/bmp/bmp.go` file. **Recommendations** Update to version 4.4.0.

**Name of the Vulnerable Software and Affected Versions** osrg GoBGP versions through 4.3.0 **Description** A weakness exists in the DecodeFromBytes function within the pkg/packet/bgp/bgp.go file of osrg GoBGP. Manipulating the `data[1]` argument can lead to an off-by-one error. The attack can be launched remotely and is considered highly complex with difficult exploitability. The identified patch is 67c059413470df64bc20801c46f64058e88f800f. **Recommendations** Apply the patch 67c059413470df64bc20801c46f64058e88f800f to address the issue.

**Name of the Vulnerable Software and Affected Versions** osrg GoBGP versions through 4.3.0 **Description** A security issue has been identified in osrg GoBGP. The `BGPHeader.DecodeFromBytes` function within the BGP Header Handler component, located in the file `pkg/packet/bgp/bgp.go`, is susceptible to improper access controls. Remote exploitation is possible, and the attack is considered to have high complexity with difficult exploitability. **Recommendations** Deploy the patch with identifier f0f24a2a901cbf159260698211ab15c583ced131.