| शीर्षक | osrg GoBGP 4.3.0 Improper Input Validation |
|---|
| विवरण | A vulnerability was found in osrg GoBGP version 4.3.0. It affects the BGPHeader.DecodeFromBytes function in the pkg/packet/bgp/bgp.go file. The vulnerability is classified as improper input validation because the parser does not validate the 16-byte BGP Marker field. According to RFC 4271, all 16 bytes of the Marker field must be set to 0xFF. However, the current implementation only reads the Length and Type fields from offsets 16 and 18, and does not verify bytes 0-15 at all. As a result, BGP messages with arbitrary Marker values are incorrectly accepted instead of being rejected as malformed. This violates protocol standards and may reduce resilience against malformed or injected traffic on an established TCP session. |
|---|
| स्रोत | ⚠️ https://github.com/osrg/gobgp/commit/f0f24a2a901cbf159260698211ab15c583ced131 |
|---|
| उपयोगकर्ता | Sunxj (UID 96442) |
|---|
| सबमिशन | 14/03/2026 01:00 PM (4 महीनों पहले) |
|---|
| संयम | 30/03/2026 09:50 AM (16 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 354156 [osrg GoBGP तक 4.3.0 BGP Header pkg/packet/bgp/bgp.go BGPHeader.DecodeFromBytes अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|