Ivan Gotovchits

4 exploits, active since Apr 2025
CVE-2025-43970 MEDIUM WRITEUP
GoBGP < 3.35.0 - Denial of Service via Improper Input Length Validation in MRT Packet Parser
An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).
CVSS 4.3
CVE-2025-43971 HIGH WRITEUP
GoBGP < 3.35.0 - Denial of Service via Zero softwareVersionLen
An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.
CVSS 8.6
CVE-2025-43972 MEDIUM WRITEUP
GoBGP < 3.35.0 - Denial of Service via Flowspec Parser Input Validation
An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.
CVSS 6.8
CVE-2025-43973 MEDIUM WRITEUP
GoBGP < 3.35.0 - Off-by-one Error in RTR Message Length Handling
An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.
CVSS 6.8