PT-2025-17427 · Gobgp+4

Published 2025-04-20 · Updated 2025-08-08 · CVE-2025-43973

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GoBGP versions prior to 3.35.0

Description

The input length of an RTR message is not properly verified, which can lead to issues when not all of the bytes for the message are available. The affected code is in the pkg/packet/rtr/rtr.go file.

Recommendations

For versions prior to 3.35.0, update to version 3.35.0 or later to resolve the issue. As a temporary workaround, consider implementing input length verification for RTR messages in the rtr.go file until a patch is available.
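
The kind of length verification the recommendation refers to, as an added example (not GoBGP's code and not the upstream patch): it checks an RTR PDU's 8-byte header and declared length against the bytes actually available before any field is read. The header layout and fixed PDU lengths follow RFC 8210; `CheckPDU`, `maxPDULen`, the error names and the sample bytes are assumptions made for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// RTR header (RFC 8210): version(1) + type(1) + session/reserved(2) + length(4).
const rtrHeaderLen = 8

// Assumption: a local sanity cap on declared length, not a value from the advisory.
const maxPDULen = 64 * 1024

// Total lengths of the fixed-size PDU types in RFC 8210; other types are variable.
var fixedLen = map[uint8]uint32{0: 12, 1: 12, 2: 8, 3: 8, 4: 20, 6: 32, 8: 8}

var (
	ErrShort  = errors.New("rtr: fewer bytes available than the PDU needs")
	ErrLength = errors.New("rtr: declared length is invalid for this PDU type")
)

// CheckPDU returns the PDU type and declared length only when the header and
// the whole body are present in buf, so later field reads cannot run past it.
func CheckPDU(buf []byte) (typ uint8, length uint32, err error) {
	if len(buf) < rtrHeaderLen {
		return 0, 0, ErrShort // header itself is incomplete
	}
	typ = buf[1]
	length = binary.BigEndian.Uint32(buf[4:8])
	if length < rtrHeaderLen || length > maxPDULen {
		return typ, length, ErrLength
	}
	if want, ok := fixedLen[typ]; ok && length != want {
		return typ, length, ErrLength
	}
	if uint64(len(buf)) < uint64(length) {
		return typ, length, ErrShort // body truncated: wait for more bytes or drop
	}
	return typ, length, nil
}

func main() {
	// Constructed sample: IPv4 Prefix PDU (type 4, 20 bytes) for 192.0.2.0/24, AS 65000.
	full := []byte{1, 4, 0, 0, 0, 0, 0, 20, 1, 24, 24, 0, 192, 0, 2, 0, 0, 0, 0xfd, 0xe8}
	_, _, err := CheckPDU(full[:12]) // only 12 of the declared 20 bytes arrived
	fmt.Println("truncated:", err)
	typ, n, err := CheckPDU(full)
	fmt.Println("complete:", typ, n, err)
}
```

A caller would run this check on every buffer read from the RTR session and parse type-specific fields only from `buf[:length]` after it returns nil.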

Related Identifiers

BDU:2025-09850
CVE-2025-43973
GHSA-C5JG-WR5V-2WP2
GO-2025-3633
OPENSUSE-SU-2025:15017-1
USN-7661-1

Affected Products

Debian
Gobgp
Linuxmint
Red Os
Ubuntu