CVE-2026-7735

Sažetak

A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading to version 4.4.0 is able to address this issue. The patch is named 51ad1ada06cb41ce47b7066799981816f50b7ced. The affected component should be upgraded.

Reference

https://github.com/osrg/gobgp/
https://github.com/osrg/gobgp/commit/51ad1ada06cb41ce47b7066799981816f50b7ced
https://github.com/osrg/gobgp/releases/tag/v4.4.0
https://vuldb.com/submit/807600
https://vuldb.com/vuln/360910
https://vuldb.com/vuln/360910/cti

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

05-05-2026 - 19:12

Objavljeno

04-05-2026 - 06:16