Primary

Context

GoBGP RTR Message Length Verification Vulnerability

Vulnerability

Patched

A vulnerability exists in GoBGP versions prior to 3.35.0, where the RTR (Router) message length is not properly validated. This oversight allows for situations where the input length may not match the actual availability of bytes in an RTR message, potentially leading to unexpected behavior or exploitation.

Impact

Exploitation of this vulnerability could result in a denial-of-service condition, causing the application to become unresponsive or unavailable.

Remediation

Users can upgrade to GoBGP version 3.35.0 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

8.2

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

8.2

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GoBGP RTR Message Length Verification Vulnerability

Vulnerability

Impact

Remediation

Affected Products

GoBGP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating