Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
osrg GoBGP bgp.go DecodeFromBytes off-by-one
Vulnerability Description
A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go. Executing a manipulation of the argument data[1] can lead to off-by-one. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is said to be difficult. This patch is called 67c059413470df64bc20801c46f64058e88f800f. A patch should be applied to remediate this issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
Off-by-one错误
Vulnerability Title
GoBGP 安全漏洞
Vulnerability Description
GoBGP是osrg开源的一种开源的边界网关协议(BGP)实现。 osrg GoBGP 4.3.0及之前版本存在安全漏洞,该漏洞源于对文件pkg/packet/bgp/bgp.go中参数data[1]的错误操作,可能导致差一错误。
CVSS Information
N/A
Vulnerability Type
N/A