CVE-2025-7464
BaseFortify
Publication date: 2025-07-12
Last updated on: 2025-07-15
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| osrg | gobgp | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the osrg GoBGP software up to version 3.37.0, specifically in the SplitRTR function of the pkg/packet/rtr/rtr.go file. It allows an attacker to cause an out-of-bounds read, which means the program reads memory outside the intended boundaries. The attack can be launched remotely but is considered difficult to exploit due to high complexity.
How can this vulnerability impact me? :
The vulnerability can lead to an out-of-bounds read, which may cause the affected software to behave unexpectedly or crash. While it does not directly impact confidentiality or integrity, it can affect availability by causing denial of service. The exploitability is difficult and requires high complexity, so the risk is moderate.
What immediate steps should I take to mitigate this vulnerability?
It is recommended to apply the patch named e748f43496d74946d14fed85c776452e47b99d64 to fix this issue.