CVE-2025-43972

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-43972
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43972.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-43972
Aliases
Downstream
Related
Published
2025-04-21T01:15:45.563Z
Modified
2026-03-13T07:53:05.561442Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.

References

Affected packages

Git / github.com/osrg/gobgp

Affected ranges

Type
GIT
Repo
https://github.com/osrg/gobgp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5365453707a9f9bcbeb2cc4cff24803ffcc9bbaa
Fixed
ca7383f450f7b296c5389feceef2467de5ab6e5a
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.35.0"
        }
    ]
}

Affected versions

v1.*
v1.0
v1.1
v1.10
v1.11
v1.12
v1.13
v1.14
v1.15
v1.16
v1.17
v1.18
v1.19
v1.2
v1.20
v1.21
v1.22
v1.23
v1.24
v1.25
v1.26
v1.27
v1.28
v1.29
v1.3
v1.30
v1.31
v1.32
v1.33
v1.4
v1.5
v1.6
v1.7
v1.8
v1.9
v2.*
v2.0.0
v2.1.0
v2.10.0
v2.11.0
v2.12.0
v2.13.0
v2.14.0
v2.15.0
v2.16.0
v2.17.0
v2.18.0
v2.19.0
v2.2.0
v2.20.0
v2.21.0
v2.22.0
v2.23.0
v2.24.0
v2.25.0
v2.26.0
v2.27.0
v2.28.0
v2.29.0
v2.3.0
v2.30.0
v2.31.0
v2.32.0
v2.33.0
v2.34.0
v2.4.0
v2.5.0
v2.6.0
v2.7.0
v2.8.0
v2.9.0
v3.*
v3.0.0
v3.0.0-rc1
v3.0.0-rc2
v3.0.0-rc3
v3.0.0-rc4
v3.1.0
v3.10.0
v3.11.0
v3.12.0
v3.13.0
v3.14.0
v3.15.0
v3.16.0
v3.17.0
v3.19.0
v3.2.0
v3.20.0
v3.21.0
v3.22.0
v3.23.0
v3.24.0
v3.25.0
v3.26.0
v3.27.0
v3.28.0
v3.29.0
v3.3.0
v3.30.0
v3.31.0
v3.32.0
v3.33.0
v3.34.0
v3.4.0
v3.5.0
v3.6.0
v3.7.0
v3.8.0
v3.9.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43972.json"