CVE-2026-7735
6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
Summary
A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading to version 4.4.0 is able to address this issue. The patch is named 51ad1ada06cb41ce47b7066799981816f50b7ced. The affected component should be upgraded.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| osrg | GoBGP | 4.0 | affected |
| osrg | GoBGP | 4.1 | affected |
| osrg | GoBGP | 4.2 | affected |
| osrg | GoBGP | 4.3.0 | affected |
| osrg | GoBGP | 4.4.0 | unaffected |
Weaknesses
- CWE-120: Buffer Overflow
- CWE-119: Memory Corruption
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://vuldb.com/vuln/360910
- https://vuldb.com/vuln/360910/cti
- https://vuldb.com/submit/807600
- https://github.com/osrg/gobgp/commit/51ad1ada06cb41ce47b7066799981816f50b7ced
- https://github.com/osrg/gobgp/releases/tag/v4.4.0
- https://github.com/osrg/gobgp/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.