CVE-2025-43971
CVE Details
Visit the official vulnerability details page for CVE-2025-43971 to learn more.
Initial Publication
04/22/2025
Last Update
09/04/2025
Third Party Dependency
github.com/osrg/gobgp/v3
NIST CVE Summary
An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.
CVE Severity
Our Official Summary
The vulnerability originates from a flaw in the pkg/packet/bgp/bgp.go file in GoBGP versions prior to 3.35.0. Specifically, if the softwareVersionLen field is set to zero, it can trigger a panic within the application, resulting in a crash.
The risk of exploitation is low, as it requires privileged access and the ability to execute code within the container. Furthermore, the overall impact is limited due to the containerized environment, which restricts the available attack surface. Upstream patches addressing this issue are available and will be adopted to resolve the vulnerability.
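To confirm whether a given build pulls in an affected release, the following added example (not part of this advisory or of the GoBGP project) reads `go.mod` text, finds the selected `github.com/osrg/gobgp/v3` version and compares it with the fixed release 3.35.0. The helper names `Affected` and `FindGoBGP` are hypothetical, the sample `go.mod` line is constructed, and a replacement target is assumed to follow upstream version numbering.

```go
package main

import (
	"fmt"
	"strings"
)

// Module path and first fixed release, both as stated in the advisory.
const modulePath = "github.com/osrg/gobgp/v3"
var fixed = [3]int{3, 35, 0}

// Affected (hypothetical helper) reports whether v, e.g. "v3.34.0", sorts before 3.35.0.
func Affected(v string) (bool, error) {
	base, _, pre := strings.Cut(strings.TrimPrefix(v, "v"), "-")
	var got [3]int
	if n, _ := fmt.Sscanf(base, "%d.%d.%d", &got[0], &got[1], &got[2]); n != 3 {
		return false, fmt.Errorf("unparseable version %q", v)
	}
	for i := range got {
		if got[i] != fixed[i] {
			return got[i] < fixed[i], nil
		}
	}
	return pre, nil // same base: a "-suffix" (pre-release, pseudo-version) predates the release
}

// FindGoBGP (hypothetical helper) returns the gobgp version go.mod text selects. A replace
// directive wins over require; a local-path target is returned as-is and fails Affected.
func FindGoBGP(goMod string) (version string, found, replaced bool) {
	for _, line := range strings.Split(goMod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop "// indirect" and other comments
		lhs, rhs, isReplace := strings.Cut(line, "=>")
		lhs = strings.TrimPrefix(strings.TrimPrefix(strings.TrimSpace(lhs), "require"), "replace")
		f, t := strings.Fields(lhs), strings.Fields(rhs)
		if len(f) == 0 || f[0] != modulePath {
			continue
		}
		if isReplace && len(t) > 0 {
			version, found, replaced = t[len(t)-1], true, true
		} else if !isReplace && !replaced && len(f) >= 2 {
			version, found = f[1], true
		}
	}
	return version, found, replaced
}

func main() { // constructed go.mod line, for illustration
	fmt.Println(FindGoBGP("require github.com/osrg/gobgp/v3 v3.34.0\n"))
}
```

An error from `Affected` means the version could not be compared (for example a local-path replacement) and the dependency needs manual inspection.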
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.7.16 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted |
4.6.41 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
Revision History
Date | Revision |
---|---|
08/12/2025 | Official summary revised: The vulnerability originates from a flaw in the pkg/packet/bgp/bgp.go file in GoBGP versions prior to 3.35.0. Specifically, if the softwareVersionLen field is set to zero, it can trigger a panic within the application, resulting in a crash. The risk of exploitation is low, as it requires privileged access and the ability to execute code within the container. Furthermore, the overall impact is limited due to the containerized environment, which restricts the available attack surface. Upstream patches addressing this issue are available and will be adopted to resolve the vulnerability. |
05/20/2025 | Status changed from Open to Ongoing |
05/15/2025 | Advisory severity revised to HIGH from |