GoBGP Integer Underflow Vulnerability in BGP Update Decoding Function Allows Denial-of-Service

Vulnerability

An integer underflow vulnerability has been identified in GoBGP version 4.3.0, specifically within the BGPUpdate.DecodeFromBytes function. This vulnerability allows attackers to cause a denial-of-service condition by sending a crafted BGP UPDATE message. The underflow occurs when the message length is improperly validated, enabling the manipulation of data processing boundaries.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, where the application may crash or become unresponsive due to excessive data processing.

Reproduction

The vulnerability can be reproduced by sending a BGP UPDATE message with a manipulated length that creates an underflow. This can be done by setting the WithdrawnRoutesLen or TotalPathAttributeLen fields to values that are smaller than the actual data being sent, causing the length calculations to wrap around and incorrectly process the message.
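The defensive check that prevents this class of bug is shown below as an added example; it is illustrative code, not GoBGP's own parser. It assumes the 19-byte BGP common header has already been stripped and validates each length field against the bytes actually present before any arithmetic that could wrap.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// ErrTruncated is returned when a length field claims more bytes than are present.
var ErrTruncated = errors.New("bgp update: length field exceeds available data")

// UpdateBody holds the three variable-length sections of a BGP UPDATE body.
type UpdateBody struct {
	Withdrawn []byte // Withdrawn Routes
	PathAttrs []byte // Path Attributes
	NLRI      []byte // Network Layer Reachability Information
}

// ParseUpdateBody splits data into its sections. Each attacker-controlled
// length field is widened to int and compared against the bytes left BEFORE
// any subtraction or slicing, so the remaining-length arithmetic cannot wrap
// the way a uint16 "len(data) - 2 - withdrawnLen" would.
func ParseUpdateBody(data []byte) (*UpdateBody, error) {
	if len(data) < 2 {
		return nil, fmt.Errorf("%w: no room for Withdrawn Routes Length", ErrTruncated)
	}
	withdrawnLen := int(binary.BigEndian.Uint16(data[:2]))
	if withdrawnLen > len(data)-2 {
		return nil, fmt.Errorf("%w: WithdrawnRoutesLen=%d, %d bytes left",
			ErrTruncated, withdrawnLen, len(data)-2)
	}
	withdrawn := data[2 : 2+withdrawnLen]
	rest := data[2+withdrawnLen:]

	if len(rest) < 2 {
		return nil, fmt.Errorf("%w: no room for Total Path Attribute Length", ErrTruncated)
	}
	attrLen := int(binary.BigEndian.Uint16(rest[:2]))
	if attrLen > len(rest)-2 {
		return nil, fmt.Errorf("%w: TotalPathAttributeLen=%d, %d bytes left",
			ErrTruncated, attrLen, len(rest)-2)
	}
	// Whatever remains after the verified sections is NLRI.
	return &UpdateBody{Withdrawn: withdrawn, PathAttrs: rest[2 : 2+attrLen], NLRI: rest[2+attrLen:]}, nil
}

func main() {
	// Constructed sample: no withdrawals, no attributes, one NLRI prefix 10.0.0.0/24.
	u, err := ParseUpdateBody([]byte{0x00, 0x00, 0x00, 0x00, 0x18, 0x0a, 0x00, 0x00})
	fmt.Println(err, len(u.NLRI)) // <nil> 4
	// Constructed malformed sample: WithdrawnRoutesLen claims 65535 bytes, only 4 follow.
	_, err = ParseUpdateBody([]byte{0xff, 0xff, 0x00, 0x00, 0x00, 0x00})
	fmt.Println(err) // rejected with ErrTruncated instead of being parsed
}
```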

Remediation

Users can upgrade to GoBGP version 4.6.0 or later, where this vulnerability has been fixed.

Added: Jun 3, 2026, 4:29 PM
Updated: Jun 3, 2026, 4:29 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.5
exploitability: 9.3
remediation: 7.7
relevance: 9.9
threat: 4.8
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.