
CVE-2025-43971: GoBGP panics due to a zero value for softwareVersionLen

CVSS Score (v3.1): 8.6

Basic Information

EPSS Score: 0.18866%
Published: 4/21/2025
Updated: 4/21/2025
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Package Name              Ecosystem  Vulnerable Versions  First Patched Version
github.com/osrg/gobgp     go         < 3.35.0             (none listed)
github.com/osrg/gobgp/v3  go         < 3.35.0             3.35.0

Vulnerability Intelligence

Root Cause Analysis

The provided commit directly patches the DecodeFromBytes function of the CapSoftwareVersion struct in the file pkg/packet/bgp/bgp.go. The patch adds a condition to an existing if statement so that softwareVersionLen == 0 is rejected. The commit message explicitly states that, because softwareVersionLen was never checked for 0, the slice expression data[1:c.SoftwareVersionLen] becomes data[1:0], which Go rejects at runtime with a panic (a slice whose low index exceeds its high index is out of range). This identifies (*CapSoftwareVersion).DecodeFromBytes as the vulnerable function: it processes attacker-controlled input (the BGP capability data carried in an OPEN message) and can be driven to panic, causing a denial of service of the BGP speaker.
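The following Go program is an added example, not GoBGP's code and not part of the original advisory. It models the capability body the advisory describes (one length byte followed by the version string) with a hypothetical CapSoftwareVersionExample type, reproduces the pre-fix slice expression data[1:c.SoftwareVersionLen] in decodeUnchecked so the zero-length panic can be observed under recover, and shows in decodeChecked the effect of the patch's softwareVersionLen == 0 condition, which turns the crash into an ordinary decode error. The sample inputs are constructed, not captured traffic.

```go
package main

import (
	"errors"
	"fmt"
)

// CapSoftwareVersionExample is a stand-in for GoBGP's CapSoftwareVersion
// capability (hypothetical type for this example, not GoBGP's own code).
// The capability body is one length byte followed by that many bytes of
// software version string.
type CapSoftwareVersionExample struct {
	SoftwareVersionLen uint8
	SoftwareVersion    string
}

var errShort = errors.New("software version capability: not enough bytes")
var errZeroLen = errors.New("software version capability: zero length")

// decodeUnchecked reproduces the pre-fix logic the advisory describes: it
// bounds-checks the declared length against the buffer but never rejects a
// declared length of 0, so the slice expression data[1:c.SoftwareVersionLen]
// becomes data[1:0], which Go rejects at runtime with a panic
// (low index greater than high index).
func decodeUnchecked(data []byte) (*CapSoftwareVersionExample, error) {
	if len(data) < 1 {
		return nil, errShort
	}
	n := int(data[0])
	if len(data[1:]) < n {
		return nil, errShort
	}
	c := &CapSoftwareVersionExample{SoftwareVersionLen: uint8(n)}
	c.SoftwareVersion = string(data[1:c.SoftwareVersionLen]) // panics when n == 0
	return c, nil
}

// decodeChecked adds the condition the patch introduces (reject n == 0) so a
// zero-length capability becomes a decode error instead of a crash. The slice
// bound 1+n is this example's own choice so the whole string is returned.
func decodeChecked(data []byte) (*CapSoftwareVersionExample, error) {
	if len(data) < 1 {
		return nil, errShort
	}
	n := int(data[0])
	if n == 0 {
		return nil, errZeroLen
	}
	if len(data[1:]) < n {
		return nil, errShort
	}
	return &CapSoftwareVersionExample{
		SoftwareVersionLen: uint8(n),
		SoftwareVersion:    string(data[1 : 1+n]),
	}, nil
}

// panics reports whether decoding data with the unchecked decoder panics.
// A BGP speaker that decodes OPEN capabilities without such a guard crashes
// on this input, which is the denial of service the advisory describes.
func panics(data []byte) (didPanic bool) {
	defer func() {
		if r := recover(); r != nil {
			didPanic = true
		}
	}()
	_, _ = decodeUnchecked(data)
	return false
}

func main() {
	// Constructed sample capability bodies, not captured traffic.
	valid := append([]byte{5}, []byte("3.3.4")...)
	zeroLen := []byte{0}

	c, err := decodeChecked(valid)
	fmt.Printf("valid:   %+v err=%v\n", c, err)
	_, err = decodeChecked(zeroLen)
	fmt.Printf("zero:    err=%v\n", err)
	fmt.Printf("unchecked decoder panics on zero length: %v\n", panics(zeroLen))
}
```

The length-versus-buffer check alone is not enough: it passes for n == 0 because zero bytes are always available, which is exactly why the patch has to test the zero case explicitly before the slice is formed. Any parser that derives slice bounds from a peer-supplied length should reject every value that produces an empty or inverted range, not only values that overrun the buffer.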

Vulnerable functions

(*CapSoftwareVersion).DecodeFromBytes in pkg/packet/bgp/bgp.go (as identified in the root cause analysis above).

WAF Protection Rules

WAF Rule

An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.
