
Ubuntu 24.04: GoBGP Critical DoS Buffer Overflow USN-7661-1 CVE-2023-46565

July 22, 2025
A number of vulnerabilities related to GoBGP have been resolved in Ubuntu 24.04 LTS and in prior versions. Ensure that your system is updated to apply the necessary patches.

Summary

Several security issues were fixed in GoBGP.

Software Description:

- gobgp: BGP implementation in Go

Details:

It was discovered that GoBGP did not properly manage memory under
certain circumstances, which could lead to a buffer overflow. An
attacker could possibly use this issue to cause a denial of service. This
issue was only addressed in Ubuntu 22.04 LTS and Ubuntu 20.04 LTS.
(CVE-2023-46565)

It was discovered that GoBGP did not properly verify the length of
certain inputs. An attacker could possibly use this issue to cause a
panic resulting in a denial of service.
(CVE-2025-43970, CVE-2025-43971, CVE-2025-43972, CVE-2025-43973)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  gobgpd                          3.23.0-1ubuntu0.3+esm2
                                  Available with Ubuntu Pro
  golang-github-osrg-gobgp-dev    3.23.0-1ubuntu0.3+esm2
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  gobgpd                          2.25.0-3ubuntu0.1+esm2
                                  Available with Ubuntu Pro
  golang-github-osrg-gobgp-dev    2.25.0-3ubuntu0.1+esm2
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  gobgpd                          2.12.0-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  golang-github-osrg-gobgp-dev    2.12.0-1ubuntu0.1~esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  gobgpd                          1.29-1ubuntu0.1+esm1
                                  Available with Ubuntu Pro
  golang-github-osrg-gobgp-dev    1.29-1ubuntu0.1+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7661-1

CVE-2023-46565, CVE-2025-43970, CVE-2025-43971, CVE-2025-43972,
CVE-2025-43973

Severity
critical

Ubuntu Security Notice USN-7661-1
