Buffer Overflow Vulnerability in osrg GoBGP Product
CVE-2023-46565

7.5 HIGH

Key Information:

Vendor: osrg

Status
Vendor
CVE Published: 29 April 2024

What is CVE-2023-46565?

A buffer overflow vulnerability has been identified in the osrg GoBGP software, specifically within the handlingError function in pkg/server/fsm.go. A remote attacker can exploit this vulnerability, potentially causing a denial of service. Organizations running vulnerable versions of GoBGP are advised to apply patches promptly to mitigate the risk. For further details, refer to the issue discussed on GitHub.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
