CVE-2025-43973

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-43973

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43973.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-43973

Aliases

Related

Published

2025-04-21T01:15:45Z

Modified

2025-04-22T18:57:02.727553Z

Summary

[none]

Details

An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.

References

Affected packages

Debian:11 / gobgp

Package

Name: gobgp
Purl: pkg:deb/debian/gobgp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.25.0-2

2.25.0-3

2.34.0-1

3.*

3.1.0-1~exp1

3.9.0-1

3.9.0-2

3.10.0-1

3.16.0-1

3.19.0-1

3.21.0-1

3.23.0-1

3.25.0-1

3.27.0-1

3.28.0-1

3.29.0-1

3.30.0-1

3.31.0-1

3.32.0-1

3.33.0-1

3.35.0-1

3.36.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / gobgp

Package

Name: gobgp
Purl: pkg:deb/debian/gobgp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.10.0-1

3.16.0-1

3.19.0-1

3.21.0-1

3.23.0-1

3.25.0-1

3.27.0-1

3.28.0-1

3.29.0-1

3.30.0-1

3.31.0-1

3.32.0-1

3.33.0-1

3.35.0-1

3.36.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / gobgp

Package

Name: gobgp
Purl: pkg:deb/debian/gobgp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.35.0-1

Affected versions

3.*

3.10.0-1

3.16.0-1

3.19.0-1

3.21.0-1

3.23.0-1

3.25.0-1

3.27.0-1

3.28.0-1

3.29.0-1

3.30.0-1

3.31.0-1

3.32.0-1

3.33.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/osrg/gobgp

Affected ranges

Type: GIT
Repo: https://github.com/osrg/gobgp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5693c58a4815cc6327b8d3b6980f0e5aced28abe

Affected versions

v1.*

v1.0

v1.1

v1.10

v1.11

v1.12

v1.13

v1.14

v1.15

v1.16

v1.17

v1.18

v1.19

v1.2

v1.20

v1.21

v1.22

v1.23

v1.24

v1.25

v1.26

v1.27

v1.28

v1.29

v1.3

v1.30

v1.31

v1.32

v1.33

v1.4

v1.5

v1.6

v1.7

v1.8

v1.9

v2.*

v2.0.0

v2.1.0

v2.10.0

v2.11.0

v2.12.0

v2.13.0

v2.14.0

v2.15.0

v2.16.0

v2.17.0

v2.18.0

v2.19.0

v2.2.0

v2.20.0

v2.21.0

v2.22.0

v2.23.0

v2.24.0

v2.25.0

v2.26.0

v2.27.0

v2.28.0

v2.29.0

v2.3.0

v2.30.0

v2.31.0

v2.32.0

v2.33.0

v2.34.0

v2.4.0

v2.5.0

v2.6.0

v2.7.0

v2.8.0

v2.9.0

v3.*

v3.0.0

v3.0.0-rc1

v3.0.0-rc2

v3.0.0-rc3

v3.0.0-rc4

v3.1.0

v3.10.0

v3.11.0

v3.12.0

v3.13.0

v3.14.0

v3.15.0

v3.16.0

v3.17.0

v3.19.0

v3.2.0

v3.20.0

v3.21.0

v3.22.0

v3.23.0

v3.24.0

v3.25.0

v3.26.0

v3.27.0

v3.28.0

v3.29.0

v3.3.0

v3.30.0

v3.31.0

v3.32.0

v3.33.0

v3.34.0

v3.4.0

v3.5.0

v3.6.0

v3.7.0

v3.8.0

v3.9.0