CVE-2025-43971

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-43971

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-43971.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-43971

Aliases

Related

Published

2025-04-21T01:15:45Z

Modified

2025-04-22T18:43:54.678767Z

Summary

[none]

Details

An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.

References

Affected packages

Debian:11 / gobgp

Package

Name: gobgp
Purl: pkg:deb/debian/gobgp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.25.0-2

2.25.0-3

2.34.0-1

3.*

3.1.0-1~exp1

3.9.0-1

3.9.0-2

3.10.0-1

3.16.0-1

3.19.0-1

3.21.0-1

3.23.0-1

3.25.0-1

3.27.0-1

3.28.0-1

3.29.0-1

3.30.0-1

3.31.0-1

3.32.0-1

3.33.0-1

3.35.0-1

3.36.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / gobgp

Package

Name: gobgp
Purl: pkg:deb/debian/gobgp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.10.0-1

3.16.0-1

3.19.0-1

3.21.0-1

3.23.0-1

3.25.0-1

3.27.0-1

3.28.0-1

3.29.0-1

3.30.0-1

3.31.0-1

3.32.0-1

3.33.0-1

3.35.0-1

3.36.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / gobgp

Package

Name: gobgp
Purl: pkg:deb/debian/gobgp?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.35.0-1

Affected versions

3.*

3.10.0-1

3.16.0-1

3.19.0-1

3.21.0-1

3.23.0-1

3.25.0-1

3.27.0-1

3.28.0-1

3.29.0-1

3.30.0-1

3.31.0-1

3.32.0-1

3.33.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/osrg/gobgp

Affected ranges

Type: GIT
Repo: https://github.com/osrg/gobgp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

08a001e06d90e8bcc190084c66992f46f62c0986

Affected versions

v1.*

v1.0

v1.1

v1.10

v1.11

v1.12

v1.13

v1.14

v1.15

v1.16

v1.17

v1.18

v1.19

v1.2

v1.20

v1.21

v1.22

v1.23

v1.24

v1.25

v1.26

v1.27

v1.28

v1.29

v1.3

v1.30

v1.31

v1.32

v1.33

v1.4

v1.5

v1.6

v1.7

v1.8

v1.9

v2.*

v2.0.0

v2.1.0

v2.10.0

v2.11.0

v2.12.0

v2.13.0

v2.14.0

v2.15.0

v2.16.0

v2.17.0

v2.18.0

v2.19.0

v2.2.0

v2.20.0

v2.21.0

v2.22.0

v2.23.0

v2.24.0

v2.25.0

v2.26.0

v2.27.0

v2.28.0

v2.29.0

v2.3.0

v2.30.0

v2.31.0

v2.32.0

v2.33.0

v2.34.0

v2.4.0

v2.5.0

v2.6.0

v2.7.0

v2.8.0

v2.9.0

v3.*

v3.0.0

v3.0.0-rc1

v3.0.0-rc2

v3.0.0-rc3

v3.0.0-rc4

v3.1.0

v3.10.0

v3.11.0

v3.12.0

v3.13.0

v3.14.0

v3.15.0

v3.16.0

v3.17.0

v3.19.0

v3.2.0

v3.20.0

v3.21.0

v3.22.0

v3.23.0

v3.24.0

v3.25.0

v3.26.0

v3.27.0

v3.28.0

v3.29.0

v3.3.0

v3.30.0

v3.31.0

v3.32.0

v3.33.0

v3.34.0

v3.4.0

v3.5.0

v3.6.0

v3.7.0

v3.8.0

v3.9.0