CVE-2026-41643 GoBGP: Remote Denial of Service (Panic) in UpdatePathAttrs4ByteAs via Malformed BGP UPDATE

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during th...

CVE-2026-41643 GoBGP: Remote Denial of Service (Panic) in UpdatePathAttrs4ByteAs via Malformed BGP UPDATE

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error: index out of range panic. This occurs during th...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the UpdatePathAttrs4ByteAs function when processing malformed BGP UPDATE messages containing both ASPATH and AS4PATH attributes. An attacker can cause the process to crash by sending a specially...

PT-2026-37136

Name of the Vulnerable Software and Affected Versions GoBGP versions prior to 4.3.0 Description A remote Denial of Service DoS issue exists where a malformed BGP UPDATE message can trigger a runtime error resulting in an index out of range panic. This occurs during the processing of 4-byte AS...