{"id":"GO-2025-3633","summary":"GoBGP does not verify that the input length in github.com/osrg/gobgp","details":"GoBGP does not verify that the input length in github.com/osrg/gobgp","aliases":["CVE-2025-43973","GHSA-c5jg-wr5v-2wp2"],"modified":"2026-02-04T03:44:03.789885Z","published":"2025-04-22T18:16:40Z","related":["CGA-m83c-2ffw-8m8q"],"database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-3633"},"references":[{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-c5jg-wr5v-2wp2"},{"type":"FIX","url":"https://github.com/osrg/gobgp/commit/5693c58a4815cc6327b8d3b6980f0e5aced28abe"},{"type":"WEB","url":"https://github.com/osrg/gobgp/compare/v3.34.0...v3.35.0"}],"affected":[{"package":{"name":"github.com/osrg/gobgp","ecosystem":"Go","purl":"pkg:golang/github.com/osrg/gobgp"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3633.json"}},{"package":{"name":"github.com/osrg/gobgp/v3","ecosystem":"Go","purl":"pkg:golang/github.com/osrg/gobgp/v3"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.35.0"}]}],"ecosystem_specific":{"imports":[{"symbols":["ParseRTR"],"path":"github.com/osrg/gobgp/v3/pkg/packet/rtr"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3633.json"}}],"schema_version":"1.7.3"}