An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Gobgp | Osrg | * | 3.35.0 (excluding) |
Gobgp | Ubuntu | upstream | * |