x/vulndb: potential Go vuln in github.com/osrg/gobgp/v3: GHSA-6rqv-5cg7-m4x3

[GoVulnBot]

Advisory GHSA-6rqv-5cg7-m4x3 references a vulnerability in the following Go modules:

Module
github.com/osrg/gobgp
github.com/osrg/gobgp/v3

Description:
Buffer Overflow vulnerability in osrg gobgp commit 419c50dfac578daa4d11256904d0dc182f1a9b22 allows a remote attacker to cause a denial of service via the handlingError function in pkg/server/fsm.go.

References:

• ADVISORY: GHSA-6rqv-5cg7-m4x3
• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2023-46565
• FIX: osrg/gobgp@419c50d
• REPORT: SEGV bug in pkg/server/fsm.go osrg/gobgp#2725

No existing reports found with this module or alias.
See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/osrg/gobgp
      vulnerable_at: 0.0.0-20211201041502-6248c576b118
    - module: github.com/osrg/gobgp/v3
      vulnerable_at: 3.29.0
summary: Buffer Overflow vulnerability in osrg gobgp in github.com/osrg/gobgp
cves:
    - CVE-2023-46565
ghsas:
    - GHSA-6rqv-5cg7-m4x3
references:
    - advisory: https://github.com/advisories/GHSA-6rqv-5cg7-m4x3
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-46565
    - fix: https://github.com/osrg/gobgp/commit/419c50dfac578daa4d11256904d0dc182f1a9b22
    - report: https://github.com/osrg/gobgp/issues/2725
source:
    id: GHSA-6rqv-5cg7-m4x3
    created: 2024-09-06T23:01:18.039417783Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/613336 mentions this issue: data/reports: add GO-2024-3124