VYPR

Go modules package

github.com/osrg/gobgp/v4

pkg:golang/github.com/osrg/gobgp/v4

Vulnerabilities (7)

  • CVE-2026-42285 | High | May 7, 2026
    affected >= 4.4.0, < 4.5.0 | fixed 4.5.0

    GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with

  • CVE-2026-41643 | High | May 7, 2026
    affected < 4.3.0 | fixed 4.3.0

    GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic.

  • CVE-2026-41642 | High | May 7, 2026
    affected >= 4.3.0, < 4.4.0 | fixed 4.4.0

    GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Pat

  • CVE-2026-37461 | High | May 4, 2026
    affected < 4.4.0 | fixed 4.4.0

    An out-of-bounds read in the ParseIP6Extended function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.

  • CVE-2026-7736 | High | May 4, 2026
    affected < 4.4.0 | fixed 4.4.0

    A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4

  • CVE-2026-7734 | Medium | May 4, 2026
    affected < 4.4.0 | fixed 4.4.0

    A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefix_sid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may

  • CVE-2026-30405 | High | Mar 16, 2026
    affected <= 4.3.0

    An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute