GoBGP, Input Validation Vulnerability, CVE-2025-XXXX (Moderate)

GoBGP prior to version 3.35.0 fails to validate input length in pkg/packet/rtr/rtr.go, leading to improper handling of RTR (RPKI-to-Router Protocol) messages. The vulnerability occurs when processing RTR packets, as the code does not ensure that the received data length matches the expected message structure. Attackers could exploit this by sending malformed RTR packets, potentially causing denial-of-service (DoS) conditions or memory corruption due to buffer misreads. The lack of boundary checks allows truncated or oversized packets to trigger undefined behavior in the BGP routing process.

DailyCVE Form:

Platform: GoBGP
Version: < 3.35.0
Vulnerability: Input length validation
Severity: Moderate
Date: 2025-04-21

What Undercode Say:

Exploitation:

1. Craft malformed RTR packets with incorrect lengths.

2. Send packets to GoBGP instances with RTR enabled.

3. Observe crashes or memory corruption.

Protection:

1. Upgrade to GoBGP 3.35.0 or later.

2. Disable RTR if unused.

3. Implement network ACLs to restrict RTR traffic.

Analytics:

  • Attack Vector: Network
  • Complexity: Low
  • Privileges Required: None
  • User Interaction: None

Commands:

  • Check GoBGP version:
    gobgpd --version
    
  • Mitigate via ACL (example for Linux):
    iptables -A INPUT -p tcp --dport 323 -j DROP
    

Code Snippet (Patch Check):

// Verify input length in rtr.go
func (m RTRMessage) DecodeFromBytes(data []byte) error {
	// Reject buffers shorter than this message type's minimum before reading any field.
	if len(data) < m.MinLen() {
		return fmt.Errorf("invalid length")
	}
	// ...
	return nil
}
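The length check described above, carried through for the RTR PDU header as an added example (not GoBGP's code and not the actual patch). `CheckPDU`, `ErrShort` and the 64 KiB cap are assumptions made for this sketch; the fixed lengths come from RFC 6810 / RFC 8210, and version-dependent or variable-length types (End of Data, Router Key, Error Report) are only bounded by the cap here.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	headerLen = 8       // version(1) type(1) session/error(2) length(4)
	maxPDULen = 1 << 16 // assumed local cap for variable-length PDUs
)

// Total lengths of the PDU types whose size never varies.
var fixedLen = map[uint8]uint32{
	0: 12, 1: 12, // Serial Notify, Serial Query
	2: 8, 3: 8, 8: 8, // Reset Query, Cache Response, Cache Reset
	4: 20, 6: 32, // IPv4 Prefix, IPv6 Prefix
}

// ErrShort means more bytes are needed before the PDU can be decoded.
var ErrShort = errors.New("rtr: buffer shorter than declared PDU")

// CheckPDU validates the length field of the PDU at the start of buf and
// returns how many bytes that PDU occupies. It never reads past len(buf).
func CheckPDU(buf []byte) (int, error) {
	if len(buf) < headerLen {
		return 0, ErrShort
	}
	typ := buf[1]
	declared := binary.BigEndian.Uint32(buf[4:8])
	if declared < headerLen || declared > maxPDULen {
		return 0, fmt.Errorf("rtr: type %d declares implausible length %d", typ, declared)
	}
	if want, ok := fixedLen[typ]; ok && declared != want {
		return 0, fmt.Errorf("rtr: type %d length %d, want %d", typ, declared, want)
	}
	if len(buf) < int(declared) { // safe: declared <= maxPDULen
		return 0, ErrShort
	}
	return int(declared), nil
}

func main() {
	// Constructed sample: IPv4 Prefix header declaring 20 bytes, only 12 present.
	truncated := []byte{1, 4, 0, 0, 0, 0, 0, 20, 0, 24, 24, 0}
	_, err := CheckPDU(truncated)
	fmt.Println(err)
}
```

A decoder that calls a check like this first can slice `buf[:n]` for field parsing and treat `ErrShort` as "read more", while any other error closes the session.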

References:

Sources:

Reported By: github.com