CVE-2025-43970

4.3 MEDIUM

📋 TL;DR

A buffer length validation vulnerability in GoBGP's MRT packet parsing allows attackers to cause denial of service or potentially execute arbitrary code by sending specially crafted packets. This affects all GoBGP deployments before version 3.35.0 that process MRT data from untrusted sources.

💻 Affected Systems

Products:
  • GoBGP
Versions: All versions before 3.35.0
Operating Systems: All platforms running GoBGP
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when processing MRT (Multi-threaded Routing Toolkit) data, which is not the default configuration for most GoBGP deployments.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise if memory corruption can be weaponized.

🟠 Likely Case: Denial of service through application crash or instability when processing malformed MRT packets.

🟢 If Mitigated: Limited impact if GoBGP only processes MRT data from trusted sources with proper network segmentation.

🌐 Internet-Facing: MEDIUM - Exploitable if GoBGP accepts MRT data from external sources, but requires specific MRT processing configuration.
🏢 Internal Only: LOW - Most GoBGP deployments process BGP data, not MRT data, from internal peers.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending malformed MRT packets to a vulnerable GoBGP instance configured to process MRT data.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.35.0

Vendor Advisory: https://github.com/osrg/gobgp/commit/5153bafbe8dbe1a2f02a70bbf0365e98b80e47b0

Restart Required: Yes

Instructions:

1. Stop GoBGP service.
2. Update to GoBGP 3.35.0 or later using package manager or manual installation.
3. Restart GoBGP service.
4. Verify version with 'gobgp --version'.

🔧 Temporary Workarounds

Disable MRT processing (platform: all)

If MRT functionality is not required, disable MRT packet processing entirely.

# Remove or comment MRT-related configuration in gobgp.conf
# Ensure no MRT collectors or peers are configured

Network segmentation (platform: linux)

Restrict MRT data sources to trusted internal networks only.

# Configure firewall rules to block MRT traffic from untrusted sources
# Example: iptables -A INPUT -p tcp --dport <mrt-port> -s untrusted_network -j DROP

🧯 If You Can't Patch

  • Implement strict network controls to allow MRT data only from trusted, verified sources.
  • Monitor GoBGP processes for crashes or abnormal behavior indicating exploitation attempts.

🔍 How to Verify

Check if Vulnerable:

Check the GoBGP version with 'gobgp --version'; any version below 3.35.0 is affected. Also check the configuration for MRT-related settings.

Check Version:

gobgp --version

Verify Fix Applied:

Confirm version is 3.35.0 or higher with 'gobgp --version'. Test MRT packet processing functionality if required.
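
The version check above as a script, added here as an example (it is not from the GoBGP project or the vendor advisory). It assumes the output of 'gobgp --version' contains a MAJOR.MINOR.PATCH string; the function names are illustrative. Fields are compared numerically so that 3.9.0 is ranked below 3.35.0.

```shell
#!/bin/sh
# Added example: classify a GoBGP version string against the fixed release.
# Assumption: the output of 'gobgp --version' contains MAJOR.MINOR.PATCH.
FIXED_VERSION="3.35.0"   # patch version stated in this advisory

# Print the first MAJOR.MINOR.PATCH triple found in the text (empty if none).
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Succeed when version $1 is strictly lower than version $2.
# Fields are compared as numbers: a string compare would rank 3.9.0 above 3.35.0.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# Print "vulnerable", "fixed" or "unknown" for the given version output.
classify_gobgp() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"        # unparseable output: needs manual review
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "fixed"
    fi
}

# Check the local binary only when it is installed.
if command -v gobgp >/dev/null 2>&1; then
    echo "local gobgp: $(classify_gobgp "$(gobgp --version 2>&1)")"
fi
```

A "fixed" result covers the version only; whether MRT processing is enabled still has to be checked in the configuration.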

📡 Detection & Monitoring

Log Indicators:

  • GoBGP process crashes
  • Panic logs mentioning mrt.go
  • Memory allocation errors in GoBGP logs

Network Indicators:

  • Unusual MRT traffic patterns
  • MRT packets with abnormal lengths from untrusted sources

SIEM Query:

source="gobgp.log" AND ("panic" OR "fatal" OR "mrt.go")
