High severity7.3NVD Advisory· Published May 4, 2026· Updated May 6, 2026
CVE-2026-7736
CVE-2026-7736
Description
A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this issue. This patch is called 76d911046344a3923cbe573364197aa081944592. It is suggested to upgrade the affected component.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/osrg/gobgp/v4Go | < 4.4.0 | 4.4.0 |
Affected products
2Patches
176d911046344packet/mrt: fix uint16 underflow in parseRibEntry path attribute loop
1 file changed · +7 −3
pkg/packet/mrt/mrt.go+7 −3 modified@@ -413,6 +413,9 @@ func parseRibEntry(data []byte, family bgp.Family, isAddPath bool, prefix ...bgp } totalLen := binary.BigEndian.Uint16(data[:2]) data = data[2:] + if len(data) < int(totalLen) { + return nil, nil, errNotAllRibEntryBytesAvailable + } options := &bgp.MarshallingOption{ MRT: true, } @@ -441,10 +444,11 @@ func parseRibEntry(data []byte, family bgp.Family, isAddPath bool, prefix ...bgp mp.Value = []bgp.PathNLRI{{NLRI: prefix[0], ID: e.PathIdentifier}} } - attrLen -= uint16(p.Len()) - if len(data) < p.Len() { - return nil, nil, errNotAllRibEntryBytesAvailable + pLen := uint16(p.Len()) + if pLen > attrLen { + return nil, nil, fmt.Errorf("path attribute length %d exceeds remaining attribute length %d", pLen, attrLen) } + attrLen -= pLen data = data[p.Len():] e.PathAttributes = append(e.PathAttributes, p) }
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- github.com/osrg/gobgp/commit/76d911046344a3923cbe573364197aa081944592nvdPatchWEB
- github.com/osrg/gobgp/releases/tag/v4.4.0nvdPatchProductWEB
- github.com/advisories/GHSA-hj4w-qr9j-c4cfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-7736ghsaADVISORY
- vuldb.com/submit/807604nvdThird Party AdvisoryVDB EntryWEB
- vuldb.com/vuln/360911nvdThird Party AdvisoryVDB EntryWEB
- vuldb.com/vuln/360911/ctinvdPermissions RequiredVDB EntryWEB
News mentions
0No linked articles in our index yet.