VYPR

Gobgp

by Osrg

CVEs (15)

  • CVE-2026-37462 | High | Jun 3, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.

  • CVE-2026-42285 | High | May 7, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with…

  • CVE-2026-41643 | High | May 7, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic.…

  • CVE-2026-41642 | High | May 7, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized…

  • CVE-2026-37461 | High | May 4, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    An out-of-bounds read in the ParseIP6Extended function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.

  • CVE-2026-30405 | High | Mar 16, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute.

  • CVE-2023-46565 | High | Apr 29, 2024
    risk 0.42 | cvss 7.5 | epss 0.01

    Buffer Overflow vulnerability in osrg gobgp commit 419c50dfac578daa4d11256904d0dc182f1a9b22 allows a remote attacker to cause a denial of service via the handlingError function in pkg/server/fsm.go.

  • CVE-2026-7736 | High | May 4, 2026
    risk 0.40 | cvss 7.3 | epss 0.00

    A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version…

  • CVE-2026-7735 | High | May 4, 2026
    risk 0.40 | cvss 7.3 | epss 0.00

    A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack…

  • CVE-2026-7737 | Medium | May 4, 2026
    risk 0.28 | cvss 5.3 | epss 0.01

    A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack…

  • CVE-2026-7734 | Medium | May 4, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefix_sid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may…

  • CVE-2025-7464 | Low | Jul 12, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. Affected is the function SplitRTR of the file pkg/packet/rtr/rtr.go. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The complexity of an attack is…

  • CVE-2026-5124 | Low | Mar 30, 2026
    risk 0.17 | cvss 3.7 | epss 0.00

    A security vulnerability has been detected in osrg GoBGP up to 4.3.0. Affected is the function BGPHeader.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP Header Handler. The manipulation leads to improper access controls. Remote exploitation of the attack…

  • CVE-2026-5123 | Low | Mar 30, 2026
    risk 0.17 | cvss 3.7 | epss 0.00

    A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go. Executing a manipulation of the argument data[1] can lead to off-by-one. The attack may be launched remotely. Attacks of this nature are highly…

  • CVE-2026-5122 | Low | Mar 30, 2026
    risk 0.17 | cvss 3.7 | epss 0.00

    A security flaw has been discovered in osrg GoBGP up to 4.3.0. This affects the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP OPEN Message Handler. Performing a manipulation of the argument domainNameLen results in improper access controls. The…