CVE-2025-7464

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-7464

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-7464.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-7464

Downstream

UBUNTU-CVE-2025-7464

Published

2025-07-12T07:15:22Z

Modified

2025-07-15T14:48:51.960568Z

Severity

3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. Affected is the function SplitRTR of the file pkg/packet/rtr/rtr.go. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The name of the patch is e748f43496d74946d14fed85c776452e47b99d64. It is recommended to apply a patch to fix this issue.

References

Affected packages

Debian:11 / gobgp

Package

Name: gobgp
Purl: pkg:deb/debian/gobgp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.25.0-2

2.25.0-3

2.34.0-1

3.*

3.1.0-1~exp1

3.9.0-1

3.9.0-2

3.10.0-1

3.16.0-1

3.19.0-1

3.21.0-1

3.23.0-1

3.25.0-1

3.27.0-1

3.28.0-1

3.29.0-1

3.30.0-1

3.31.0-1

3.32.0-1

3.33.0-1

3.35.0-1

3.36.0-1

3.36.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / gobgp

Package

Name: gobgp
Purl: pkg:deb/debian/gobgp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.10.0-1

3.16.0-1

3.19.0-1

3.21.0-1

3.23.0-1

3.25.0-1

3.27.0-1

3.28.0-1

3.29.0-1

3.30.0-1

3.31.0-1

3.32.0-1

3.33.0-1

3.35.0-1

3.36.0-1

3.36.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / gobgp

Package

Name: gobgp
Purl: pkg:deb/debian/gobgp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.10.0-1

3.16.0-1

3.19.0-1

3.21.0-1

3.23.0-1

3.25.0-1

3.27.0-1

3.28.0-1

3.29.0-1

3.30.0-1

3.31.0-1

3.32.0-1

3.33.0-1

3.35.0-1

3.36.0-1

3.36.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/osrg/gobgp

Affected ranges

Type: GIT
Repo: https://github.com/osrg/gobgp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e748f43496d74946d14fed85c776452e47b99d64

Affected versions

v1.*

v1.0

v1.1

v1.10

v1.11

v1.12

v1.13

v1.14

v1.15

v1.16

v1.17

v1.18

v1.19

v1.2

v1.20

v1.21

v1.22

v1.23

v1.24

v1.25

v1.26

v1.27

v1.28

v1.29

v1.3

v1.30

v1.31

v1.32

v1.33

v1.4

v1.5

v1.6

v1.7

v1.8

v1.9

v2.*

v2.0.0

v2.1.0

v2.10.0

v2.11.0

v2.12.0

v2.13.0

v2.14.0

v2.15.0

v2.16.0

v2.17.0

v2.18.0

v2.19.0

v2.2.0

v2.20.0

v2.21.0

v2.22.0

v2.23.0

v2.24.0

v2.25.0

v2.26.0

v2.27.0

v2.28.0

v2.29.0

v2.3.0

v2.30.0

v2.31.0

v2.32.0

v2.33.0

v2.34.0

v2.4.0

v2.5.0

v2.6.0

v2.7.0

v2.8.0

v2.9.0

v3.*

v3.0.0

v3.0.0-rc1

v3.0.0-rc2

v3.0.0-rc3

v3.0.0-rc4

v3.1.0

v3.10.0

v3.11.0

v3.12.0

v3.13.0

v3.14.0

v3.15.0

v3.16.0

v3.17.0

v3.19.0

v3.2.0

v3.20.0

v3.21.0

v3.22.0

v3.23.0

v3.24.0

v3.25.0

v3.26.0

v3.27.0

v3.28.0

v3.29.0

v3.3.0

v3.30.0

v3.31.0

v3.32.0

v3.33.0

v3.34.0

v3.35.0

v3.36.0

v3.37.0

v3.4.0

v3.5.0

v3.6.0

v3.7.0

v3.8.0

v3.9.0