An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.
{ "binaries": [ { "binary_version": "3.23.0-1ubuntu0.3+esm2", "binary_name": "gobgpd" }, { "binary_version": "3.23.0-1ubuntu0.3+esm2", "binary_name": "gobgpd-dbgsym" }, { "binary_version": "3.23.0-1ubuntu0.3+esm2", "binary_name": "golang-github-osrg-gobgp-dev" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }