VDB
KO
HIGH 7.3

GHSA-pw7p-7fqv-hpj8

GoBGP: Integer underflow in the BGPUpdate.DecodeFromBytes function

Details

An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.

Are you affected?

Enter the version of the package you're using.

Affected packages

Go / github.com/osrg/gobgp/v4
Introduced in: 0 Fixed in: 4.4.0
Fix go get github.com/osrg/gobgp/v4@v4.4.0

References