GoBGP Out-of-Bounds Read Vulnerability in BGP Update Message Processing

Vulnerability

A denial-of-service vulnerability has been identified in GoBGP version 4.3.0. The issue is an out-of-bounds read in the ParseIP6Extended function of the BGP packet handling code: the function performs insufficient length validation for IPv6 extended communities, so a crafted BGP UPDATE message can make it read beyond the intended boundaries of the message data. This allows an attacker to cause a denial-of-service condition. Although the vulnerability was not reachable in practice, it could have led to data corruption by allowing BGP update message processing to consume data beyond the intended boundaries, potentially causing the application to crash or behave unexpectedly.
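The defensive pattern the fix needs is a length check before any byte of the community is touched. The following Go code is an added example written for this advisory; it is not GoBGP's code and does not reproduce its ParseIP6Extended function. It assumes the RFC 5701 wire layout of an IPv6 Address Specific Extended Community (type, sub-type, 16-byte global administrator, 2-byte local administrator, 20 bytes in total); the IPv6ExtCommunity type, the function names and the constructed sample bytes are this example's own.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net/netip"
)

// ipv6ExtCommunityLen is the fixed wire size of an IPv6 Address Specific
// Extended Community (RFC 5701): type (1) + sub-type (1) +
// global administrator IPv6 address (16) + local administrator (2).
const ipv6ExtCommunityLen = 20

// ErrTruncated is returned when the input is shorter than one community
// or carries a trailing fragment that cannot form a whole community.
var ErrTruncated = errors.New("ipv6 extended community: truncated input")

// IPv6ExtCommunity is a decoded RFC 5701 community. Hypothetical type
// for this example, not GoBGP's own representation.
type IPv6ExtCommunity struct {
	Type        uint8
	SubType     uint8
	GlobalAdmin netip.Addr
	LocalAdmin  uint16
}

// parseOne decodes exactly one community from a 20-byte slice. The caller
// has already verified the length; the check here is a defensive backstop.
func parseOne(b []byte) (IPv6ExtCommunity, error) {
	if len(b) != ipv6ExtCommunityLen {
		return IPv6ExtCommunity{}, fmt.Errorf("%w: got %d bytes, need %d",
			ErrTruncated, len(b), ipv6ExtCommunityLen)
	}
	addr, ok := netip.AddrFromSlice(b[2:18])
	if !ok {
		return IPv6ExtCommunity{}, errors.New("ipv6 extended community: bad address bytes")
	}
	return IPv6ExtCommunity{
		Type:        b[0],
		SubType:     b[1],
		GlobalAdmin: addr,
		LocalAdmin:  binary.BigEndian.Uint16(b[18:20]),
	}, nil
}

// ParseIPv6ExtCommunities decodes the value of an IPv6 Address Specific
// Extended Community attribute. The total length is validated before the
// first read, so a short or oddly sized attribute is rejected instead of
// being read past its end.
func ParseIPv6ExtCommunities(data []byte) ([]IPv6ExtCommunity, error) {
	if len(data)%ipv6ExtCommunityLen != 0 {
		return nil, fmt.Errorf("%w: attribute length %d is not a multiple of %d",
			ErrTruncated, len(data), ipv6ExtCommunityLen)
	}
	out := make([]IPv6ExtCommunity, 0, len(data)/ipv6ExtCommunityLen)
	for off := 0; off < len(data); off += ipv6ExtCommunityLen {
		c, err := parseOne(data[off : off+ipv6ExtCommunityLen])
		if err != nil {
			return nil, err
		}
		out = append(out, c)
	}
	return out, nil
}

// SampleRouteTarget builds a constructed, well-formed community: type 0x00,
// sub-type 0x02 (Route Target), global admin 2001:db8::1, local admin 100.
func SampleRouteTarget() []byte {
	b := make([]byte, ipv6ExtCommunityLen)
	b[0], b[1] = 0x00, 0x02
	copy(b[2:18], netip.MustParseAddr("2001:db8::1").AsSlice())
	binary.BigEndian.PutUint16(b[18:20], 100)
	return b
}

func main() {
	good := SampleRouteTarget()
	fmt.Println(ParseIPv6ExtCommunities(good))
	// Constructed malformed input: the same community with its last byte cut off.
	// Without the length check this would index past the slice and panic.
	fmt.Println(ParseIPv6ExtCommunities(good[:19]))
}
```

The decisive line is the modulo check at the top of ParseIPv6ExtCommunities: every subsequent slice expression is only evaluated once the whole attribute is known to consist of complete 20-byte records, so a truncated community surfaces as an ErrTruncated value the caller can log and treat as a malformed UPDATE rather than as a crash.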

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to crash or become unresponsive.

Reproduction

The vulnerability can be reproduced by sending a BGP UPDATE message carrying an IPv6 extended community whose length violates the expected requirements. Any BGP client or tool that allows BGP message contents to be manipulated can produce such a message. The malformed UPDATE message triggers the out-of-bounds read, causing a denial-of-service condition on the affected GoBGP instance.

Remediation

Users can upgrade to GoBGP version 4.5.0, where this vulnerability has been addressed, to mitigate the issue.

Added: May 4, 2026, 5:33 PM
Updated: May 4, 2026, 5:33 PM

Vulnerability Rating (Custom Algorithm)

spread: 3.4
impact: 2.5
exploitability: 9.3
remediation: 0.0
relevance: 7.4
threat: 4.8
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.