A weakness has been identified in osrg GoBGP up to 4.3.0. It affects the function DecodeFromBytes in the file pkg/packet/bgp/bgp.go. Manipulating the argument data[1] can lead to an off-by-one error. The attack may be launched remotely. Attacks of this nature are highly complex, and exploitability is said to be difficult. The patch is identified as 67c059413470df64bc20801c46f64058e88f800f. Applying the patch is recommended to remediate this issue.
CVSS vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N