CVE-2023-46565 — Vulnetix

CVE-2023-46565 PUBLISHED CVSS 8.699999809265137 HIGH

Buffer Overflow vulnerability in osrg gobgp commit 419c50dfac578daa4d11256904d0dc182f1a9b22 allows a remote attacker to cause a denial of service via the handlingError function in pkg/server/fsm.go.

EPSS 0.26% · 49.8th percentile

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.26%

49.8th percentile

Affected Products

Vendor	Product	Versions
osrg	gobgp	419c50dfac578daa4d11256904d0dc182f1a9b22, 419c50dfac578daa4d11256904d0dc182f1a9b22
github.com	osrg/gobgp/v3	0, 0, 0
n/a	n/a	n/a, n/a

Timeline

Apr 29, 2024 CVE Published
Apr 30, 2024 EPSS Score
May 24, 2024 EPSS Score
Jun 18, 2024 EPSS Score
Jul 12, 2024 EPSS Score
Aug 6, 2024 EPSS Score
Sep 6, 2024 CVE Updated
Sep 23, 2024 EPSS Score
Oct 18, 2024 EPSS Score
Nov 11, 2024 EPSS Score
Dec 7, 2024 EPSS Score
Dec 31, 2024 EPSS Score

References

https://github.com/osrg/gobgp/issues/2725 url
https://nvd.nist.gov/vuln/detail/CVE-2023-46565 advisory
https://github.com/osrg/gobgp/commit/419c50dfac578daa4d11256904d0dc182f1a9b22 url
https://github.com/osrg/gobgp package

Open in Interactive Console →