Upstream information

CVE-2025-43973 at MITRE

Description

An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v3 Scores
  CNA (MITRE)
Base Score 6.8
Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Changed
Confidentiality Impact None
Integrity Impact None
Availability Impact High
CVSSv3 Version 3.1
No SUSE Bugzilla entries cross referenced.

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • govulncheck-vulndb >= 0.0.20250422T181640-1.1
Patchnames:
openSUSE-Tumbleweed-2025-15017


SUSE Timeline for this CVE

CVE page created: Mon Apr 21 04:00:27 2025
CVE page last modified: Tue Apr 29 16:14:18 2025