DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

CVE-2025-43971: GoBGP Panic: The Zero-Byte Assassin


Vulnerability ID: CVE-2025-43971
CVSS Score: 8.6
Published: 2025-04-21

A critical Denial of Service (DoS) vulnerability in GoBGP allows remote attackers to crash the BGP daemon by sending a malformed BGP OPEN message. The crash is triggered by a Go runtime panic due to an improper slice operation when parsing the Software Version capability.

TL;DR

GoBGP, a popular BGP implementation, crashes when parsing a specific optional capability in the BGP OPEN message. By setting the 'Software Version' length field to zero, an attacker forces a "slice bounds out of range" panic in the Go runtime (data[1:0]). No authentication is required if the attacker can reach the BGP port, so the result is a complete teardown of BGP sessions and potential routing outages. Fixed in version 3.35.0.
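As an added example (not the post's or GoBGP's code), the length check and slice the TL;DR describes, reconstructed in Go with a sweep over every possible length byte: before the guard only a zero-length body panics, after it none does. The decoder body and the 64-byte input are constructed for illustration, and the slice expression data[1:n] is taken from the post's data[1:0].

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed example, not GoBGP's code: decodes the body of a Software
// Version capability (one length byte, then the version string).
var errBadLen = errors.New("invalid length of software version capability")

// decode validates the length field as the pre-3.35.0 code did; rejectZero
// adds the single condition the fix introduces. The final slice is the one
// the post reports (data[1:0] when n == 0): Go panics at runtime when a
// slice's low index exceeds its high index, and no earlier check stops it.
func decode(data []byte, rejectZero bool) (string, error) {
	if len(data) < 2 {
		return "", errBadLen
	}
	n := uint8(data[0])
	if len(data[1:]) < int(n) || n > 64 || (rejectZero && n == 0) {
		return "", errBadLen
	}
	return string(data[1:n]), nil
}

// sweep feeds every possible length byte, followed by a 64-byte constructed
// body, to decode and returns the length values that panic. Recovering each
// panic is what a unit test or fuzz target would do to catch this class of
// bug before a peer does.
func sweep(rejectZero bool) []int {
	var bad []int
	for n := 0; n < 256; n++ {
		body := append([]byte{byte(n)}, make([]byte, 64)...)
		func() {
			defer func() {
				if recover() != nil {
					bad = append(bad, n)
				}
			}()
			decode(body, rejectZero)
		}()
	}
	return bad
}

func main() {
	fmt.Println("lengths that panic before the fix:", sweep(false)) // [0]
	fmt.Println("lengths that panic after the fix: ", sweep(true))  // []
}
```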


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-129 (Improper Validation of Array Index)
  • Attack Vector: Network
  • CVSS Score: 8.6 (High)
  • EPSS Score: 0.00026
  • Impact: Denial of Service (DoS)
  • Exploit Status: PoC Available

Affected Systems

  • GoBGP < 3.35.0 (fixed in 3.35.0)

Code Analysis

Commit: 08a001e

packet: fix panic when decoding Software Version Capability

--- a/pkg/packet/bgp/bgp.go
+++ b/pkg/packet/bgp/bgp.go
@@ -1094,7 +1094,7 @@ func (c *CapSoftwareVersion) DecodeFromBytes(data []byte) error {
        return NewMessageError(BGP_ERROR_OPEN_MESSAGE_ERROR, BGP_ERROR_SUB_UNSUPPORTED_CAPABILITY, nil, "Not all CapabilitySoftwareVersion bytes allowed")
    }
    softwareVersionLen := uint8(data[0])
-   if len(data[1:]) < int(softwareVersionLen) || softwareVersionLen > 64 {
+   if len(data[1:]) < int(softwareVersionLen) || softwareVersionLen > 64 || softwareVersionLen == 0 {
        return NewMessageError(BGP_ERROR_OPEN_MESSAGE_ERROR, BGP_ERROR_SUB_UNSUPPORTED_CAPABILITY, nil, "invalid length of software version capablity")
    }
    c.SoftwareVersionLen = softwareVersionLen
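Review bot: The added `softwareVersionLen == 0` clause closes the data[1:0] panic, but the branch it joins still carries the typo "capablity" in its error string, and nothing in the hunk records why zero is now rejected; fix the spelling, add a one-line comment that a zero length makes the later slice data[1:0] panic, and pair the change with a regression test that feeds a capability body whose length byte is 0 so the panic cannot quietly return.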


Mitigation Strategies

  • Software Upgrade
  • Network Access Control (ACLs)
  • TTL Security Mechanism (GTSM)

Remediation Steps:

  1. Identify all GoBGP instances running versions < 3.35.0.
  2. Download and compile/install GoBGP v3.35.0.
  3. Restart the GoBGP service to apply the binary update.
  4. Verify the version using gobgp --version.


Read the full report for CVE-2025-43971 on our website for more details including interactive diagrams and full exploit analysis.
