HIGH 7.3
GHSA-pw7p-7fqv-hpj8
GoBGP: Integer underflow in the BGPUpdate.DecodeFromBytes function
Details
An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/osrg/gobgp/v4
Introduced in:
0 Fixed in: 4.4.0 Fix
go get github.com/osrg/gobgp/v4@v4.4.0