| Title | GoBGP 4.3.0 Improper Handling of Length Parameter Inconsistency |
|---|
| Description | A vulnerability was found in GoBGP 4.3.0 in the FQDN capability decoder used during BGP OPEN message processing. It has been classified as improper handling of length parameter inconsistency. The issue is located in pkg/packet/bgp/bgp.go in the function CapFQDN.DecodeFromBytes().
The parser correctly uses HostNameLen to decode the HostName field, but it does not properly use DomainNameLen when decoding the DomainName field. Instead, the implementation reads all remaining bytes in the capability buffer as the domain name.
An attacker able to supply a crafted BGP OPEN message containing an FQDN capability can cause additional trailing capability data or padding bytes to be interpreted as part of the domain name. This may lead to incorrect domain name parsing, capability decode inconsistencies, and misleading log or debug output.
The vulnerability appears to be primarily a protocol parsing correctness issue rather than a direct memory safety issue, because the read remains within the provided buffer bounds. The affected file is pkg/packet/bgp/bgp.go and the affected function is CapFQDN.DecodeFromBytes(). |
|---|
| Source | ⚠️ https://github.com/osrg/gobgp/commit/2b09db390a3d455808363c53e409afe6b1b86d2d |
|---|
| User | rensiru (UID 96440) |
|---|
| Submission | 03/14/2026 08:44 (16 days ago) |
|---|
| Moderation | 03/30/2026 09:46 (16 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 354154 [osrg GoBGP up to 4.3.0 BGP OPEN Message pkg/packet/bgp/bgp.go DecodeFromBytes domainNameLen access control] |
|---|
| Points | 20 |
|---|