CVE-2025-43973

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-43973

Severity

Unknown

Description

An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.

References

https://images.chainguard.dev/security/CGA-8q54-263w-c45f
https://github.com/advisories/GHSA-c5jg-wr5v-2wp2
https://images.chainguard.dev/security/CGA-84v2-492v-v6p5
https://images.chainguard.dev/security/CGA-3p6r-qv7m-rcjm
https://images.chainguard.dev/security/CGA-2jf6-7gjm-5mp5
https://images.chainguard.dev/security/CGA-v79m-pffh-9c9p
https://images.chainguard.dev/security/CGA-4r3v-v7g6-qxv6
https://github.com/osrg/gobgp/commit/5693c58a4815cc6327b8d3b6980f0e5aced28abe
https://github.com/osrg/gobgp/compare/v3.34.0...v3.35.0
https://security-tracker.debian.org/tracker/CVE-2025-43973

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2025-43973

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources