CVE-2025-43972
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-43972
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-43972.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-43972
- Aliases
- Downstream
- Related
- Published
- 2025-04-21T01:15:45Z
- Modified
- 2025-10-10T17:42:59.746596Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.
- References
Affected packages
Git / github.com/osrg/gobgp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/osrg/gobgp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.0
v1.1
v1.10
v1.11
v1.12
v1.13
v1.14
v1.15
v1.16
v1.17
v1.18
v1.19
v1.2
v1.20
v1.21
v1.22
v1.23
v1.24
v1.25
v1.26
v1.27
v1.28
v1.29
v1.3
v1.30
v1.31
v1.32
v1.33
v1.4
v1.5
v1.6
v1.7
v1.8
v1.9
v2.*
v2.0.0
v2.1.0
v2.10.0
v2.11.0
v2.12.0
v2.13.0
v2.14.0
v2.15.0
v2.16.0
v2.17.0
v2.18.0
v2.19.0
v2.2.0
v2.20.0
v2.21.0
v2.22.0
v2.23.0
v2.24.0
v2.25.0
v2.26.0
v2.27.0
v2.28.0
v2.29.0
v2.3.0
v2.30.0
v2.31.0
v2.32.0
v2.33.0
v2.34.0
v2.4.0
v2.5.0
v2.6.0
v2.7.0
v2.8.0
v2.9.0
v3.*
v3.0.0
v3.0.0-rc1
v3.0.0-rc2
v3.0.0-rc3
v3.0.0-rc4
v3.1.0
v3.10.0
v3.11.0
v3.12.0
v3.13.0
v3.14.0
v3.15.0
v3.16.0
v3.17.0
v3.19.0
v3.2.0
v3.20.0
v3.21.0
v3.22.0
v3.23.0
v3.24.0
v3.25.0
v3.26.0
v3.27.0
v3.28.0
v3.29.0
v3.3.0
v3.30.0
v3.31.0
v3.32.0
v3.33.0
v3.34.0
v3.4.0
v3.5.0
v3.6.0
v3.7.0
v3.8.0
v3.9.0