| タイトル | GoBGP 4.3.0 Improper Handling of Length Parameter Inconsistency |
|---|
| 説明 | A vulnerability was found in GoBGP 4.3.0 in the FQDN capability decoder used during BGP OPEN message processing. It has been classified as improper handling of length parameter inconsistency. The issue is located in pkg/packet/bgp/bgp.go in the function CapFQDN.DecodeFromBytes().
The parser correctly uses HostNameLen to decode the HostName field, but it does not properly use DomainNameLen when decoding the DomainName field. Instead, the implementation reads all remaining bytes in the capability buffer as the domain name.
An attacker able to supply a crafted BGP OPEN message containing an FQDN capability can cause additional trailing capability data or padding bytes to be interpreted as part of the domain name. This may lead to incorrect domain name parsing, capability decode inconsistencies, and misleading log or debug output.
The vulnerability appears to be primarily a protocol parsing correctness issue rather than a direct memory safety issue, because the read remains within the provided buffer bounds. The affected file is pkg/packet/bgp/bgp.go and the affected function is CapFQDN.DecodeFromBytes(). |
|---|
| ソース | ⚠️ https://github.com/osrg/gobgp/commit/2b09db390a3d455808363c53e409afe6b1b86d2d |
|---|
| ユーザー | rensiru (UID 96440) |
|---|
| 送信 | 2026年03月14日 08:44 (17 日 ago) |
|---|
| モデレーション | 2026年03月30日 09:46 (16 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 354154 [osrg GoBGP 迄 4.3.0 BGP OPEN Message pkg/packet/bgp/bgp.go DecodeFromBytes domainNameLen 特権昇格] |
|---|
| ポイント | 20 |
|---|