CVE-2025-7464

Summary

A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. Affected is the function SplitRTR of the file pkg/packet/rtr/rtr.go. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The name of the patch is e748f43496d74946d14fed85c776452e47b99d64. It is recommended to apply a patch to fix this issue.

Affected Software

VendorProductVersion RangeStatus
osrgGoBGP3.0affected
osrgGoBGP3.1affected
osrgGoBGP3.2affected
osrgGoBGP3.3affected
osrgGoBGP3.4affected
osrgGoBGP3.5affected
osrgGoBGP3.6affected
osrgGoBGP3.7affected
osrgGoBGP3.8affected
osrgGoBGP3.9affected
osrgGoBGP3.10affected
osrgGoBGP3.11affected
osrgGoBGP3.12affected
osrgGoBGP3.13affected
osrgGoBGP3.14affected
osrgGoBGP3.15affected
osrgGoBGP3.16affected
osrgGoBGP3.17affected
osrgGoBGP3.18affected
osrgGoBGP3.19affected
osrgGoBGP3.20affected
osrgGoBGP3.21affected
osrgGoBGP3.22affected
osrgGoBGP3.23affected
osrgGoBGP3.24affected
osrgGoBGP3.25affected
osrgGoBGP3.26affected
osrgGoBGP3.27affected
osrgGoBGP3.28affected
osrgGoBGP3.29affected
osrgGoBGP3.30affected
osrgGoBGP3.31affected
osrgGoBGP3.32affected
osrgGoBGP3.33affected
osrgGoBGP3.34affected
osrgGoBGP3.35affected
osrgGoBGP3.36affected
osrgGoBGP3.37.0affected

Weaknesses

  • CWE-125: Out-of-Bounds Read
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References