CVE-2025-43972 — Vulnetix

CVE-2025-43972 PUBLISHED CVSS 6.800000190734863 MEDIUM

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.

EPSS 0.03% · 8.7th percentile

Risk Scores

CVSS v3.1

6.800000190734863

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS Score

0.03%

8.7th percentile

Affected Products

Vendor	Product	Versions
osrg	gobgp	0, 0
github.com	osrg/gobgp/v3	0, 0
GoBGP	GoBGP	0, 0
github.com	osrg/gobgp	0, 0

Timeline

Apr 21, 2025 CVE Published
Apr 21, 2025 EPSS Score
Apr 21, 2025 Coalition ESS Score
Apr 21, 2025 PoC Published
Apr 21, 2025 PoC Published
Apr 21, 2025 PoC Published
Apr 21, 2025 PoC Published
Apr 21, 2025 CVE Updated
May 3, 2025 EPSS Score
May 8, 2025 Coalition ESS Score
May 15, 2025 EPSS Score
May 28, 2025 EPSS Score

References

https://github.com/osrg/gobgp/compare/v3.34.0...v3.35.0 url
https://github.com/osrg/gobgp/commit/ca7383f450f7b296c5389feceef2467de5ab6e5a url
https://nvd.nist.gov/vuln/detail/CVE-2025-43972 advisory
https://github.com/osrg/gobgp package

Open in Interactive Console →