CVE-2026-41642

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as...

CVE-2026-41643

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during th...

Linux Distros Unpatched Vulnerability : CVE-2026-49837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - gobgp - None Ubuntu Linux - Unknown description CVE-2026-49837 Note that Nessus relies on the presence of the package as reported by the vendor...

Linux Distros Unpatched Vulnerability : CVE-2026-37462

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer underflow in the BGPUpdate.DecodeFromBytes function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : GoBGP vulnerabilities (USN-8348-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8348-1 advisory. It was discovered that GoBGP incorrectly handled certain specially crafted BGP UPDATE messages. A remote...

Integer Underflow (Wrap or Wraparound)

Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound in the DecodeFromBytes function. An attacker can trigger a nil pointer dereference and panic by supplying a malicious BGP UPDATE message with a declared section length shorter than the actual data...

DEBIAN-CVE-2026-37462

An integer underflow in the BGPUpdate.DecodeFromBytes function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

USN-8348-1 gobgp vulnerabilities

It was discovered that GoBGP incorrectly handled certain specially crafted BGP UPDATE messages. A remote attacker could possibly use this issue to cause GoBGP to crash, resulting in a denial of service. CVE-2026-37461 Yanlei Wang discovered that GoBGP incorrectly handled certain malformed BGP...

CVE-2026-37462

CVE-2026-37462 affects gobgp v4.3.0. A vulnerability in BGPUpdate.DecodeFromBytes (/bgp/bgp.go) allows an attacker to trigger a Denial of Service by sending a crafted BGP UPDATE message. The issue is described consistently across multiple sources (NVD/EUVD/CVE listings and vulnerability trackers)...

CVE-2026-37462

An integer underflow in the BGPUpdate.DecodeFromBytes function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

CVE-2026-37462

An integer underflow in the BGPUpdate.DecodeFromBytes function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

GoBGP 安全漏洞

GoBGP is an open-source implementation of the Border Gateway Protocol BGP developed by osrg. Version 4.3.0 of GoBGP contains a security vulnerability. This vulnerability stems from an integer underflow in the BGPUpdate.DecodeFromBytes function, which could allow attackers to cause denial-of-servi...

EUVD-2026-34101

An integer underflow in the BGPUpdate.DecodeFromBytes function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

CVE-2026-37462

An integer underflow in the BGPUpdate.DecodeFromBytes function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

CVE-2026-7736

A flaw was found in osrg GoBGP. A remote attacker can exploit this vulnerability by executing a manipulation that leads to an integer underflow in the parseRibEntry function. This integer underflow can result in low impacts to the system's confidentiality, integrity, and availability. Mitigation ...

SUSE CVE-2026-7734

A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefixsid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from...

CVE-2026-7734

A flaw was found in osrg GoBGP. A remote attacker can exploit a vulnerability in the SRv6 L3 Service component by manipulating the data argument within the SRv6L3ServiceAttribute.DecodeFromBytes function. This manipulation leads to a denial of service DoS, making the affected system or service...

SUSE CVE-2026-41642

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as...

SUSE CVE-2026-41643

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during th...

Linux Distros Unpatched Vulnerability : CVE-2026-42285

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can...