How severe is CVE-2025-43970?

CVE-2025-43970 has a CVSS v3 score of 4.3 (MEDIUM).

CVE-2025-43970

Name: gobgp
Author: osrg

4.3MEDIUM

An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).

Publicado: 4/21/2025Actualizado: 5/8/2025

Descripción

An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).

Análisis IAImpulsado por IA

Productos Afectados

osrggobgp

Referencias

https://github.com/osrg/gobgp/commit/5153bafbe8dbe1a2f02a70bbf0365e98b80e47b0
Patch
https://github.com/osrg/gobgp/compare/v3.34.0...v3.35.0
PatchRelease Notes