VYPR

Go modules package

github.com/osrg/gobgp

pkg:golang/github.com/osrg/gobgp

Vulnerabilities (4)

  • CVE-2026-7737MedMay 4, 2026
    affected < 4.4.0fixed 4.4.0

    A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack c

  • CVE-2025-43973Apr 21, 2025
    affected >= 0

    An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.

  • CVE-2025-43972Apr 21, 2025
    affected >= 0

    An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.

  • CVE-2025-43970Apr 21, 2025
    affected >= 0

    An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).