How severe is CVE-2025-43970?

CVE-2025-43970 has a CVSS v3 score of 4.3 (MEDIUM).

CVE-2025-43970

Name: gobgp
Author: osrg

4.3MEDIUM

An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).

Published: 4/21/2025Updated: 5/8/2025

Description

An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).

AI AnalysisPowered by AI

Affected Products

osrggobgp

References

https://github.com/osrg/gobgp/commit/5153bafbe8dbe1a2f02a70bbf0365e98b80e47b0
Patch
https://github.com/osrg/gobgp/compare/v3.34.0...v3.35.0
PatchRelease Notes