How severe is CVE-2025-43970?

CVE-2025-43970 has a CVSS v3 score of 4.3 (MEDIUM).

CVE-2025-43970

Name: gobgp
Author: osrg

4.3MEDIUM

An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).

Publicado: 4/21/2025Atualizado: 5/8/2025

Descrição

An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).

Análise IADesenvolvido por IA

Produtos Afetados

osrggobgp

Referências

https://github.com/osrg/gobgp/commit/5153bafbe8dbe1a2f02a70bbf0365e98b80e47b0
Patch
https://github.com/osrg/gobgp/compare/v3.34.0...v3.35.0
PatchRelease Notes