Vulnerability Database

309,587

Total vulnerabilities in the database

CVE-2025-43970

An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).

Published: Apr 21, 2025
Updated: Nov 24, 2025
CVE: CVE-2025-43970
GHSA: GHSA-hqhq-hp5x-xp3w
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

CWEs:

CWE-1284

Affected Software
References

Software	From	Fixed in
github.com/osrg/gobgp	-	-
github.com/osrg/gobgp/v3	-	3.35.0
osrg / gobgp	-	3.35.0

https://github.com/osrg/gobgp/commit/5153bafbe8dbe1a2f02a70bbf0365e98b80e47b0
https://github.com/osrg/gobgp/compare/v3.34.0...v3.35.0

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo