350 matches found
SUSE CVE-2026-37460
Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...
CVE-2026-37460
Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...
USN-8348-1 gobgp vulnerabilities
It was discovered that GoBGP incorrectly handled certain specially crafted BGP UPDATE messages. A remote attacker could possibly use this issue to cause GoBGP to crash, resulting in a denial of service. CVE-2026-37461 Yanlei Wang discovered that GoBGP incorrectly handled certain malformed BGP...
CVE-2026-37462
An integer underflow in the BGPUpdate.DecodeFromBytes function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...
CVE-2026-37462
CVE-2026-37462 affects gobgp v4.3.0. A vulnerability in BGPUpdate.DecodeFromBytes (/bgp/bgp.go) allows an attacker to trigger a Denial of Service by sending a crafted BGP UPDATE message. The issue is described consistently across multiple sources (NVD/EUVD/CVE listings and vulnerability trackers)...
CVE-2026-37462
An integer underflow in the BGPUpdate.DecodeFromBytes function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...
CVE-2026-37460
Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...
Cisco Nexus 3000 and 9000 Series Switches Border Gateway Protocol Denial of Service Vulnerability
A vulnerability in the Border Gateway Protocol BGP enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a denial of service DoS condition...
SUSE CVE-2026-41643
GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during th...
Linux Distros Unpatched Vulnerability : CVE-2026-42285
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can...
CVE-2026-42285
GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent...
DEBIAN-CVE-2026-41643
GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during th...
CVE-2026-42285 GoBGP: Panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference)
GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent...
SUSE CVE-2026-37461
An out-of-bounds read in the ParseIP6Extended function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...
CVE-2026-41642
GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as...
CVE-2026-37461
A flaw was found in gobgp. An out-of-bounds read vulnerability in the ParseIP6Extended function allows a remote attacker to cause a Denial of Service DoS by sending a specially crafted Border Gateway Protocol BGP UPDATE message. This can lead to the affected system becoming unresponsive...
Linux Distros Unpatched Vulnerability : CVE-2026-37461
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read in the ParseIP6Extended function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP...
Linux Distros Unpatched Vulnerability : CVE-2026-37459
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer underflow in FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...
GoBGP has a panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference)
Summary Remote Denial of Service DoS via Nil Pointer Dereference in BGP Update Processing An unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent attribute lengths, it improperly...
GHSA-P3W2-64XM-833J GoBGP has a panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference)
Summary Remote Denial of Service DoS via Nil Pointer Dereference in BGP Update Processing An unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent attribute lengths, it improperly...