CVE-2025-43970
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-43970
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-43970.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-43970
- Aliases
- Downstream
- Related
- Published
- 2025-04-21T01:15:45Z
- Modified
- 2025-10-18T06:41:34.350388Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).
- References
Affected packages
Git / github.com/osrg/gobgp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/osrg/gobgp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.0
v1.1
v1.10
v1.11
v1.12
v1.13
v1.14
v1.15
v1.16
v1.17
v1.18
v1.19
v1.2
v1.20
v1.21
v1.22
v1.23
v1.24
v1.25
v1.26
v1.27
v1.28
v1.29
v1.3
v1.30
v1.31
v1.32
v1.33
v1.4
v1.5
v1.6
v1.7
v1.8
v1.9
v2.*
v2.0.0
v2.1.0
v2.10.0
v2.11.0
v2.12.0
v2.13.0
v2.14.0
v2.15.0
v2.16.0
v2.17.0
v2.18.0
v2.19.0
v2.2.0
v2.20.0
v2.21.0
v2.22.0
v2.23.0
v2.24.0
v2.25.0
v2.26.0
v2.27.0
v2.28.0
v2.29.0
v2.3.0
v2.30.0
v2.31.0
v2.32.0
v2.33.0
v2.34.0
v2.4.0
v2.5.0
v2.6.0
v2.7.0
v2.8.0
v2.9.0
v3.*
v3.0.0
v3.0.0-rc1
v3.0.0-rc2
v3.0.0-rc3
v3.0.0-rc4
v3.1.0
v3.10.0
v3.11.0
v3.12.0
v3.13.0
v3.14.0
v3.15.0
v3.16.0
v3.17.0
v3.19.0
v3.2.0
v3.20.0
v3.21.0
v3.22.0
v3.23.0
v3.24.0
v3.25.0
v3.26.0
v3.27.0
v3.28.0
v3.29.0
v3.3.0
v3.30.0
v3.31.0
v3.32.0
v3.33.0
v3.34.0
v3.4.0
v3.5.0
v3.6.0
v3.7.0
v3.8.0
v3.9.0