UBUNTU-CVE-2025-7464

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-7464

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-7464.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-7464

Upstream

CVE-2025-7464

Published

2025-07-12T07:15:00Z

Modified

2026-06-03T07:15:13.193928744Z

Severity

3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. Affected is the function SplitRTR of the file pkg/packet/rtr/rtr.go. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The name of the patch is e748f43496d74946d14fed85c776452e47b99d64. It is recommended to apply a patch to fix this issue.

References

Affected packages

Ubuntu:25.10

gobgp

Package

Name: gobgp
Purl: pkg:deb/ubuntu/gobgp?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.35.0-1

3.36.0-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gobgpd",
            "binary_version": "3.36.0-2"
        },
        {
            "binary_name": "golang-github-osrg-gobgp-dev",
            "binary_version": "3.36.0-2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-7464.json"

Ubuntu:Pro:18.04:LTS

gobgp

Package

Name: gobgp
Purl: pkg:deb/ubuntu/gobgp?arch=source&distro=esm-apps%2Fbionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.15-1

1.29-1

1.29-1ubuntu0.1+esm1

1.29-1ubuntu0.1+esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gobgpd",
            "binary_version": "1.29-1ubuntu0.1+esm2"
        },
        {
            "binary_name": "golang-github-osrg-gobgp-dev",
            "binary_version": "1.29-1ubuntu0.1+esm2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-7464.json"

Ubuntu:Pro:20.04:LTS

gobgp

Package

Name: gobgp
Purl: pkg:deb/ubuntu/gobgp?arch=source&distro=esm-apps%2Ffocal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.33-1

2.*

2.11.0-1

2.12.0-1

2.12.0-1ubuntu0.1~esm1

2.12.0-1ubuntu0.1~esm2

2.12.0-1ubuntu0.1~esm3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gobgpd",
            "binary_version": "2.12.0-1ubuntu0.1~esm3"
        },
        {
            "binary_name": "golang-github-osrg-gobgp-dev",
            "binary_version": "2.12.0-1ubuntu0.1~esm3"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-7464.json"

Ubuntu:Pro:22.04:LTS

gobgp

Package

Name: gobgp
Purl: pkg:deb/ubuntu/gobgp?arch=source&distro=esm-apps%2Fjammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.25.0-2

2.25.0-3

2.25.0-3build1

2.25.0-3ubuntu0.1

2.25.0-3ubuntu0.1+esm1

2.25.0-3ubuntu0.1+esm2

2.25.0-3ubuntu0.1+esm3

2.25.0-3ubuntu0.1+esm4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gobgpd",
            "binary_version": "2.25.0-3ubuntu0.1+esm4"
        },
        {
            "binary_name": "golang-github-osrg-gobgp-dev",
            "binary_version": "2.25.0-3ubuntu0.1+esm4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-7464.json"

Ubuntu:Pro:24.04:LTS

gobgp

Package

Name: gobgp
Purl: pkg:deb/ubuntu/gobgp?arch=source&distro=esm-apps%2Fnoble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.16.0-1build1

3.19.0-1

3.21.0-1

3.23.0-1

3.23.0-1ubuntu0.1

3.23.0-1ubuntu0.2

3.23.0-1ubuntu0.2+esm1

3.23.0-1ubuntu0.3

3.23.0-1ubuntu0.3+esm1

3.23.0-1ubuntu0.3+esm2

3.23.0-1ubuntu0.3+esm3

3.23.0-1ubuntu0.3+esm4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gobgpd",
            "binary_version": "3.23.0-1ubuntu0.3+esm4"
        },
        {
            "binary_name": "golang-github-osrg-gobgp-dev",
            "binary_version": "3.23.0-1ubuntu0.3+esm4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-7464.json"

Ubuntu:Pro:26.04:LTS

gobgp

Package

Name: gobgp
Purl: pkg:deb/ubuntu/gobgp?arch=source&distro=esm-apps%2Fresolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.36.0-2

3.36.0-2build1

3.36.0-2ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gobgpd",
            "binary_version": "3.36.0-2ubuntu0.1~esm1"
        },
        {
            "binary_name": "golang-github-osrg-gobgp-dev",
            "binary_version": "3.36.0-2ubuntu0.1~esm1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-7464.json"