Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02cnF2LTVjZzctbTR4M84AA7ZT
Buffer Overflow vulnerability in osrg gobgp
Buffer Overflow vulnerability in osrg gobgp commit 419c50dfac578daa4d11256904d0dc182f1a9b22 allows a remote attacker to cause a denial of service via the handlingError function in pkg/server/fsm.go.
Permalink: https://github.com/advisories/GHSA-6rqv-5cg7-m4x3JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02cnF2LTVjZzctbTR4M84AA7ZT
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 7 months ago
Updated: 3 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-6rqv-5cg7-m4x3, CVE-2023-46565
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-46565
- https://github.com/osrg/gobgp/issues/2725
- https://github.com/osrg/gobgp/commit/419c50dfac578daa4d11256904d0dc182f1a9b22
- https://github.com/advisories/GHSA-6rqv-5cg7-m4x3
Blast Radius: 15.8
Affected Packages
go:github.com/osrg/gobgp/v3
Dependent packages: 52Dependent repositories: 128
Downloads:
Affected Version Ranges: <= 3.20.0
No known fixed version
All affected versions: 3.0.0, 3.1.0, 3.2.0, 3.3.0, 3.4.0, 3.5.0, 3.6.0, 3.7.0, 3.8.0, 3.9.0, 3.10.0, 3.11.0, 3.12.0, 3.13.0, 3.14.0, 3.15.0, 3.16.0, 3.17.0, 3.18.0, 3.19.0, 3.20.0