CVE-2025-7464 - Vulnerability Details

A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. Affected is the function SplitRTR of the file pkg/packet/rtr/rtr.go. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The name of the patch is e748f43496d74946d14fed85c776452e47b99d64. It is recommended to apply a patch to fix this issue.

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Osrg	Gobgp

No data.

References

Link	Providers
https://github.com/osrg/gobgp/commit/e748f43496d74946d14fed85c776452e47b99d64
https://vuldb.com/?ctiid.316116
https://vuldb.com/?id.316116
https://vuldb.com/?submit.610193

History

Mon, 14 Jul 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics		epss `{'score': 0.00039}`

Sat, 12 Jul 2025 07:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. Affected is the function SplitRTR of the file pkg/packet/rtr/rtr.go. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The name of the patch is e748f43496d74946d14fed85c776452e47b99d64. It is recommended to apply a patch to fix this issue.
Title		osrg GoBGP rtr.go SplitRTR out-of-bounds
Weaknesses		CWE-119 CWE-125
References		https://github.com/osrg/gobgp/commit/e748f43496d74946d14fed85c776452e47b99d64 https://vuldb.com/?ctiid.316116 https://vuldb.com/?id.316116 https://vuldb.com/?submit.610193
Metrics		cvssV2_0 `{'score': 2.6, 'vector': 'AV:N/AC:H/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C'}` cvssV3_0 `{'score': 3.7, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C'}` cvssV3_1 `{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C'}` cvssV4_0 `{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2025-07-12T06:32:06.030Z

Updated: 2025-07-14T20:12:39.220Z

Reserved: 2025-07-11T11:50:08.558Z

Link: CVE-2025-7464

Vulnrichment

Updated: 2025-07-14T19:12:51.154Z

NVD

Status : Awaiting Analysis

Published: 2025-07-12T07:15:22.950

Modified: 2025-07-15T13:14:49.980

Link: CVE-2025-7464

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object