Gobgp · Gobgp · CVE-2026-37461
**Name of the Vulnerable Software and Affected Versions**
gobgp version 4.3.0
**Description**
An out-of-bounds read in the `ParseIP6Extended()` function in the `/bgp/bgp.go` file allows attackers to cause a Denial of Service (DoS) by supplying a crafted BGP UPDATE message.
**Recommendations**
As a temporary workaround, consider restricting the processing of BGP UPDATE messages that trigger the `ParseIP6Extended()` function until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
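The advisory does not say which read in `ParseIP6Extended()` goes out of bounds. The Go example below is added here to show the class of check that prevents such a read; it is not gobgp's code and not a patch for this CVE. It assumes the value being decoded is the 20-byte IPv6 Address Specific Extended Community of RFC 5701, and every identifier in it is hypothetical.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net/netip"
)

// RFC 5701 fixed size: type(1) + subtype(1) + IPv6 address(16) + local admin(2).
const ip6ExtCommLen = 20

var errTruncated = errors.New("ipv6 extended community: truncated value")

// IP6ExtComm is a hypothetical decoded form, not a gobgp type.
type IP6ExtComm struct {
	Type, SubType uint8
	Addr          netip.Addr
	LocalAdmin    uint16
}

// parseIP6ExtComm rejects short input before any index or slice expression runs.
func parseIP6ExtComm(data []byte) (IP6ExtComm, error) {
	if len(data) < ip6ExtCommLen {
		return IP6ExtComm{}, fmt.Errorf("%w: have %d bytes, need %d", errTruncated, len(data), ip6ExtCommLen)
	}
	addr, _ := netip.AddrFromSlice(data[2:18]) // always ok: the slice is 16 bytes
	return IP6ExtComm{Type: data[0], SubType: data[1], Addr: addr, LocalAdmin: binary.BigEndian.Uint16(data[18:20])}, nil
}

// parseIP6ExtCommList walks an attribute value; a trailing partial entry is an error.
func parseIP6ExtCommList(value []byte) ([]IP6ExtComm, error) {
	var out []IP6ExtComm
	for len(value) > 0 {
		c, err := parseIP6ExtComm(value)
		if err != nil {
			return nil, err
		}
		out = append(out, c)
		value = value[ip6ExtCommLen:]
	}
	return out, nil
}

func main() {
	// Constructed sample: type 0x00, subtype 0x02, 2001:db8::1, local admin 100.
	sample := []byte{0x00, 0x02, 0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01, 0x00, 0x64}
	fmt.Println(parseIP6ExtCommList(sample))      // one decoded community
	fmt.Println(parseIP6ExtCommList(sample[:19])) // truncated input: error, no panic
}
```

In Go an unchecked slice past the end of a buffer panics at run time, which in a routing daemon takes the process down unless recovered; returning an error instead lets the caller treat the UPDATE as malformed.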