GoBGP Input Length Validation Vulnerability in MRT Packet Processing

Vulnerability

A vulnerability exists in GoBGP versions prior to 3.35.0, in the MRT packet processing component. The software does not properly validate the input length of MRT packets: it does not ensure that the input contains the required 12 bytes or 36 bytes, depending on the address family.
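The kind of length check described above, as an added example that is not GoBGP's own code. It assumes the 12 and 36 bytes are the interface index, address family and peer/local address pair of an RFC 6396 BGP4MP header; `peerHeader`, `parsePeerHeader` and `errShort` are hypothetical names, and the sample bytes are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// Assumed layout (not from the advisory): ifindex(2) + AFI(2) + peer IP + local IP.
type peerHeader struct {
	IfIndex, AFI uint16
	Peer, Local  net.IP
}

var errShort = errors.New("mrt: truncated BGP4MP header")

// parsePeerHeader checks the length before every slice, so truncated input
// yields an error instead of an index-out-of-range panic.
func parsePeerHeader(b []byte) (*peerHeader, []byte, error) {
	if len(b) < 4 {
		return nil, nil, errShort
	}
	h := &peerHeader{IfIndex: binary.BigEndian.Uint16(b), AFI: binary.BigEndian.Uint16(b[2:])}
	var alen int
	switch h.AFI {
	case 1:
		alen = 4 // IPv4: 4 + 2*4 = 12 bytes required
	case 2:
		alen = 16 // IPv6: 4 + 2*16 = 36 bytes required
	default:
		return nil, nil, fmt.Errorf("mrt: unsupported AFI %d", h.AFI)
	}
	need := 4 + 2*alen
	if len(b) < need {
		return nil, nil, fmt.Errorf("%w: have %d bytes, need %d", errShort, len(b), need)
	}
	h.Peer = net.IP(append([]byte(nil), b[4:4+alen]...))
	h.Local = net.IP(append([]byte(nil), b[4+alen:need]...))
	return h, b[need:], nil
}

func main() {
	// Constructed sample: ifindex 0, AFI 1, 192.0.2.1 -> 192.0.2.2, one payload byte.
	ok := []byte{0, 0, 0, 1, 192, 0, 2, 1, 192, 0, 2, 2, 0xff}
	h, rest, err := parsePeerHeader(ok)
	fmt.Println(h.Peer, h.Local, len(rest), err)
	_, _, err = parsePeerHeader(ok[:9]) // truncated in the middle of an address
	fmt.Println(err)
}
```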

Impact

Exploitation of this vulnerability could lead to improper handling of MRT packets, potentially causing unexpected behavior or errors in the BGP processing.

Remediation

Users can upgrade to GoBGP version 3.35.0 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 0.6
exploitability: 8.2
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.