Primary

Context

GoBGP Panic Vulnerability Due to Zero Value in softwareVersionLen

Vulnerability

Patched

A vulnerability causing a panic has been identified in GoBGP versions prior to 3.35.0. The issue arises in the BGP packet handling code, where a zero value for softwareVersionLen can lead to a runtime panic, disrupting the application's operation.

Impact

Exploitation of this vulnerability leads to a runtime panic, causing a denial-of-service condition by abruptly terminating the affected process.

Remediation

Users can upgrade to GoBGP version 3.35.0 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

6.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

6.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GoBGP Panic Vulnerability Due to Zero Value in softwareVersionLen

Vulnerability

Impact

Remediation

Affected Products

GoBGP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating