CVE-2025-43972

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-43972
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43972.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-43972
Aliases
Related
Published
2025-04-21T01:15:45Z
Modified
2025-04-22T18:57:00.865446Z
Summary
[none]
Details

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.

References

Affected packages

Debian:11 / gobgp

Package

Name
gobgp
Purl
pkg:deb/debian/gobgp?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.25.0-2
2.25.0-3
2.34.0-1

3.*

3.1.0-1~exp1
3.9.0-1
3.9.0-2
3.10.0-1
3.16.0-1
3.19.0-1
3.21.0-1
3.23.0-1
3.25.0-1
3.27.0-1
3.28.0-1
3.29.0-1
3.30.0-1
3.31.0-1
3.32.0-1
3.33.0-1
3.35.0-1
3.36.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / gobgp

Package

Name
gobgp
Purl
pkg:deb/debian/gobgp?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.10.0-1
3.16.0-1
3.19.0-1
3.21.0-1
3.23.0-1
3.25.0-1
3.27.0-1
3.28.0-1
3.29.0-1
3.30.0-1
3.31.0-1
3.32.0-1
3.33.0-1
3.35.0-1
3.36.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / gobgp

Package

Name
gobgp
Purl
pkg:deb/debian/gobgp?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.35.0-1

Affected versions

3.*

3.10.0-1
3.16.0-1
3.19.0-1
3.21.0-1
3.23.0-1
3.25.0-1
3.27.0-1
3.28.0-1
3.29.0-1
3.30.0-1
3.31.0-1
3.32.0-1
3.33.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/osrg/gobgp

Affected ranges

Type
GIT
Repo
https://github.com/osrg/gobgp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v1.*

v1.0
v1.1
v1.10
v1.11
v1.12
v1.13
v1.14
v1.15
v1.16
v1.17
v1.18
v1.19
v1.2
v1.20
v1.21
v1.22
v1.23
v1.24
v1.25
v1.26
v1.27
v1.28
v1.29
v1.3
v1.30
v1.31
v1.32
v1.33
v1.4
v1.5
v1.6
v1.7
v1.8
v1.9

v2.*

v2.0.0
v2.1.0
v2.10.0
v2.11.0
v2.12.0
v2.13.0
v2.14.0
v2.15.0
v2.16.0
v2.17.0
v2.18.0
v2.19.0
v2.2.0
v2.20.0
v2.21.0
v2.22.0
v2.23.0
v2.24.0
v2.25.0
v2.26.0
v2.27.0
v2.28.0
v2.29.0
v2.3.0
v2.30.0
v2.31.0
v2.32.0
v2.33.0
v2.34.0
v2.4.0
v2.5.0
v2.6.0
v2.7.0
v2.8.0
v2.9.0

v3.*

v3.0.0
v3.0.0-rc1
v3.0.0-rc2
v3.0.0-rc3
v3.0.0-rc4
v3.1.0
v3.10.0
v3.11.0
v3.12.0
v3.13.0
v3.14.0
v3.15.0
v3.16.0
v3.17.0
v3.19.0
v3.2.0
v3.20.0
v3.21.0
v3.22.0
v3.23.0
v3.24.0
v3.25.0
v3.26.0
v3.27.0
v3.28.0
v3.29.0
v3.3.0
v3.30.0
v3.31.0
v3.32.0
v3.33.0
v3.34.0
v3.4.0
v3.5.0
v3.6.0
v3.7.0
v3.8.0
v3.9.0