Primary

Context

GoBGP Flowspec Parser Denial-of-Service Vulnerability

Vulnerability

Patched

A denial-of-service vulnerability has been identified in GoBGP versions prior to 3.35.0. The issue arises in the flowspec parser of the BGP package, where an attacker can cause a crash by sending fewer than 20 bytes in a specific context.

Impact

Exploitation of this vulnerability leads to a crash of the GoBGP process, causing a denial-of-service condition.

Remediation

Users can upgrade to GoBGP version 3.35.0 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

8.2

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

8.2

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GoBGP Flowspec Parser Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

GoBGP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating