A vulnerability was identified in osrg GoBGP up to 4.3.0. It affects the functions BMPPeerUpNotification.ParseBody and BMPStatisticsReport.ParseBody in the file pkg/packet/bmp/bmp.go of the BMP Parser component. The manipulation leads to an out-of-bounds read. The attack can be initiated remotely. Upgrading to version 4.4.0 can resolve this issue. The identifier of the patch is bc77597d42335c78464bc8e15a471d887bbdf260. Upgrading the affected component is recommended.
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N