CVE-2025-43972

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-43972

Severity

7.5

High

CVSS CVSS_V3

Description

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.

References

https://images.chainguard.dev/security/CGA-v779-p8mq-r924
https://github.com/advisories/GHSA-mfvv-mgf6-q25r
https://images.chainguard.dev/security/CGA-vm94-3r3g-cv88
https://images.chainguard.dev/security/CGA-mm9c-j8p6-cwmv
https://images.chainguard.dev/security/CGA-m27m-hfmc-94f2
https://images.chainguard.dev/security/CGA-534h-64xm-hf89
https://images.chainguard.dev/security/CGA-vc2c-2x5m-cpw5
https://github.com/osrg/gobgp/compare/v3.34.0...v3.35.0
https://github.com/osrg/gobgp/commit/ca7383f450f7b296c5389feceef2467de5ab6e5a
https://security-tracker.debian.org/tracker/CVE-2025-43972

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

CVE-2025-43972

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources