Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the gRPC management server. An attacker can access sensitive BGP configuration and manipulate routing decisions by sending unauthorized gRPC requests from any pod within the cluster. This...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the gRPC management server. An attacker can access sensitive BGP configuration and manipulate routing decisions by sending unauthorized gRPC requests from any pod within the cluster. This...

GHSA-V5MH-H5HX-7V92 kube-router: GoBGP gRPC Admin Port Exposed on Node Primary IP Without Authentication, Allowing Cluster-Wide BGP Route Injection

Summary When the kube-router routing controller starts --run-router, it binds the GoBGP gRPC management server to the node's primary IP e.g., 192.168.1.10:50051 in addition to 127.0.0.1:50051. The default admin port is 50051 and the server is enabled by default with no TLS and no authentication...

SUSE CVE-2026-37459

An integer underflow in FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

PT-2026-37259

Name of the Vulnerable Software and Affected Versions GoBGP versions prior to 4.5.0 Description An unauthenticated remote BGP peer can cause a fatal panic and complete loss of service availability by sending a specially crafted BGP UPDATE message. When the server receives a message with...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the ParseIP6Extended function. An attacker can cause the application to crash or become unresponsive by supplying a specially crafted BGP UPDATE message. Remediation Upgrade github.com/osrg/gobgp/v4/pkg/packet/bgp...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the ParseIP6Extended function. An attacker can cause the application to crash or become unresponsive by supplying a specially crafted BGP UPDATE message. Remediation There is no fixed version for...

CVE-2026-7736

A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this...

UBUNTU-CVE-2026-7737

A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated...

CVE-2026-7737

A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated...

CVE-2026-7735

A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading...

GoBGP 缓冲区错误漏洞

GoBGP is an open-source implementation of the Border Gateway Protocol BGP developed by osrg. Versions of GoBGP prior to 4.3.0 contained a buffer error vulnerability. This vulnerability stems from a buffer overflow in the function PathAttributeAigp.DecodeFromBytes within the AIGP Attribute Parser...

GoBGP 缓冲区错误漏洞

GoBGP is an open-source implementation of the Border Gateway Protocol BGP developed by osrg. Version 4.3.0 of GoBGP contains a buffer error vulnerability; this vulnerability stems from an out-of-bounds read in the ParseIP6Extended function, which could allow attackers to cause denial-of-service...

FRRouting 资源管理错误漏洞

FRouting is an open-source network routing software suite that runs on Unix-like platforms. Versions of FRRouting from stable/10.0 to stable/10.6 contain a resource management vulnerability caused by integer underflow. This vulnerability could allow attackers to cause denial-of-service attacks by...

CVE-2026-37459

An integer underflow in FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

EUVD-2026-26999

An out-of-bounds read in the ParseIP6Extended function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

CVE-2026-37459

An integer underflow in FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

CVE-2026-37461

An out-of-bounds read in the ParseIP6Extended function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

Linux Distros Unpatched Vulnerability : CVE-2026-7735

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the compone...

CVE-2026-37461

An out-of-bounds read in the ParseIP6Extended function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...