42 matches found
CVE-2026-41643
GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during th...
Integer Underflow (Wrap or Wraparound)
Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound in the DecodeFromBytes function. An attacker can trigger a nil pointer dereference and panic by supplying a malicious BGP UPDATE message with a declared section length shorter than the actual data...
Denial Of Service (DoS)
GoBGP is vulnerable to Denial of Service DoS. The vulnerability is due to improper validation of malformed BGP UPDATE messages during processing of 4-byte AS attributes, where an internal slice index shift can trigger an index out of range panic, causing the GoBGP process to crash...
SUSE CVE-2026-41642
GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as...
DEBIAN-CVE-2026-41642
GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as...
CVE-2026-41642
GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as...
CVE-2026-41643
GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during th...
CVE-2026-41643
GoBGP vulnerability CVE-2026-41643: a remote DoS (panic) in UpdatePathAttrs4ByteAs when processing BGP UPDATE messages containing both AS_PATH and AS4_PATH. The bug occurs in GoBGP v4.2.0 and earlier due to an index handling error that can trigger a runtime panic (index out of range) when the AS4...
CVE-2026-41643 GoBGP: Remote Denial of Service (Panic) in UpdatePathAttrs4ByteAs via Malformed BGP UPDATE
GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during th...
CVE-2026-41643
GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during th...
CVE-2026-42285
GoBGP CVE-2026-42285 causes a panic (nil pointer dereference) in AdjRib.Update when a remote unauthenticated BGP UPDATE message with inconsistent/short attribute lengths is processed as a withdraw, crashing the GoBGP process and causing DoS. The issue is triggered in version 4.4.0 and has a fix i...
CVE-2026-42285 GoBGP: Panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference)
GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent...
CVE-2026-41642
GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the UpdatePathAttrs4ByteAs function when processing malformed BGP UPDATE messages containing both ASPATH and AS4PATH attributes. An attacker can cause the process to crash by sending a specially...
GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute
Summary A remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to interrupt the message handling flow. This results in an illegal memory...
Improper Check for Unusual or Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions via the recvMessageloop validation path in fsm.go. An attacker can crash the GoBGP process by sending a BGP UPDATE whose NEXTHOP attribute reports a length shorter than 4 while the...
EUVD-2019-6883
Malware in sbrugna...
EUVD-2012-4043
Malware in sbrugna...
EUVD-2012-4042
Malware in sbrugna...
EUVD-2018-17036
Malware in sbrugna...