| Field | Value |
|---|---|
| Title | NTT Open Source GoBGP defe9ac1b1f1c854d1941a5b70dee3aaed6fb960 Out-of-Bounds Read |
| Description | We recently identified a bug in the latest version of the GoBGP project. In pkg/packet/rtr/rtr.go, a panic is triggered on line 393 in the ParseRTR function due to an out-of-bounds access of data[1]. The root cause appears to be on line 366, where the function accesses data[1] without checking that the input length is at least 2 bytes. When a 1-byte input is processed, this leads to a runtime panic. The developer already fixed it in this commit: https://github.com/osrg/gobgp/tree/e748f43496d74946d14fed85c776452e47b99d64 |
| User | CyberGym (UID 87553) |
| Submission | 07/06/2025 22:53 (11 months ago) |
| Moderation | 07/11/2025 13:50 (5 days later) |
| Status | Accepted |
| VulDB entry | 316116 [osrg GoBGP up to 3.37.0 pkg/packet/rtr/rtr.go SplitRTR out-of-bounds] |
| Points | 17 |
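
The bug class in the description (indexing `data[1]` before checking the input length), shown beside a length-validated version. This is an added example, not GoBGP's code or its fix: the function names are hypothetical, the 8-byte header layout is assumed from RFC 8210, and the check on the declared length field goes beyond the 2-byte check the description mentions.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// rtrHeaderLen is the fixed RTR PDU header size (RFC 8210):
// version(1) | PDU type(1) | session ID or error code(2) | length(4).
const rtrHeaderLen = 8

var errShort = errors.New("rtr: input shorter than PDU header")
var errLength = errors.New("rtr: declared length inconsistent with input")

// uncheckedType mirrors the bug class described above: it indexes data[1]
// with no length check, so a 1-byte input panics. Hypothetical code.
func uncheckedType(data []byte) uint8 { return data[1] }

// checkedType validates the buffer before touching any header field.
func checkedType(data []byte) (uint8, error) {
	if len(data) < rtrHeaderLen {
		return 0, errShort
	}
	declared := binary.BigEndian.Uint32(data[4:8])
	if declared < rtrHeaderLen || uint64(declared) > uint64(len(data)) {
		return 0, errLength
	}
	return data[1], nil
}

// panics reports whether f panics on data (what a fuzz harness would observe).
func panics(f func([]byte) uint8, data []byte) (p bool) {
	defer func() { p = recover() != nil }()
	f(data)
	return false
}

func main() {
	oneByte := []byte{0x01} // constructed 1-byte input
	fmt.Println("unchecked panics:", panics(uncheckedType, oneByte))
	_, err := checkedType(oneByte)
	fmt.Println("checked:", err)
	// constructed, well-formed 8-byte Reset Query PDU (version 1, type 2)
	pduType, err := checkedType([]byte{1, 2, 0, 0, 0, 0, 0, 8})
	fmt.Println("type:", pduType, "err:", err)
}
```

Returning an error instead of panicking lets the caller drop the malformed PDU or close the session rather than crash the process that parses it.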