osrg GoBGP
cpe:2.3:a:osrg:gobgp:*:*:*:*:*:*:*
- <= 4.3.0
A vulnerability exists in osrg GoBGP versions prior to 4.3.0, specifically within the BGPHeader.DecodeFromBytes function in the BGP Header Handler component. The issue arises from improper input validation of the 16-byte BGP Marker field, which is not correctly checked against the requirement that all bytes must be set to 0xFF. This oversight allows BGP messages with arbitrary Marker values to be accepted as valid, potentially leading to issues with malformed or injected traffic on an established TCP session.
The vulnerability creates an access control issue, allowing improperly validated BGP messages to be accepted, which could disrupt normal BGP operations or introduce malicious traffic into the network.
The vulnerability can be reproduced by sending BGP messages with invalid Marker field values to a GoBGP instance. The BGPHeader.DecodeFromBytes function will accept these messages without proper validation, contrary to the specifications outlined in RFC 4271.
Users are advised to update to GoBGP version 4.3.1 or later, where this vulnerability has been patched.
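The Marker check that RFC 4271 requires, shown as an added example in Go; this is not GoBGP's code or its patch. The Header type, DecodeHeader function and error names are hypothetical, and the sample bytes are constructed.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	headerLen = 19   // RFC 4271: 16-byte Marker + 2-byte Length + 1-byte Type
	maxMsgLen = 4096 // RFC 4271 maximum message size
)

var (
	errShort  = errors.New("bgp: header shorter than 19 bytes")
	errMarker = errors.New("bgp: Marker is not all 0xFF (connection not synchronized)")
	errLength = errors.New("bgp: bad message length")
	allOnes   = bytes.Repeat([]byte{0xFF}, 16) // the only Marker value RFC 4271 permits
)

// Header is a hypothetical type for this example, not GoBGP's BGPHeader.
type Header struct {
	Len  uint16
	Type uint8
}

// DecodeHeader parses a BGP header and rejects an invalid Marker or Length
// before any other field of the message is trusted.
func DecodeHeader(b []byte) (Header, error) {
	if len(b) < headerLen {
		return Header{}, errShort
	}
	if !bytes.Equal(b[:16], allOnes) {
		return Header{}, errMarker
	}
	l := binary.BigEndian.Uint16(b[16:18])
	if l < headerLen || l > maxMsgLen {
		return Header{}, errLength
	}
	return Header{Len: l, Type: b[18]}, nil
}

func main() {
	good := append(bytes.Repeat([]byte{0xFF}, 16), 0x00, 0x13, 0x04) // constructed KEEPALIVE header
	bad := append([]byte(nil), good...)
	bad[5] = 0x00 // one Marker byte cleared
	fmt.Println(DecodeHeader(good))
	fmt.Println(DecodeHeader(bad))
}
```

A receiver that gets errMarker should treat it as a Message Header Error and close the session, rather than continuing to parse the stream.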