A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading to version 4.4.0 is able to address this issue. The patch is named 51ad1ada06cb41ce47b7066799981816f50b7ced. The affected component should be upgraded.
References
| Link | Resource |
|---|---|
| https://github.com/osrg/gobgp/ | Product |
| https://github.com/osrg/gobgp/commit/51ad1ada06cb41ce47b7066799981816f50b7ced | Patch |
| https://github.com/osrg/gobgp/releases/tag/v4.4.0 | Patch Product |
| https://vuldb.com/submit/807600 | Third Party Advisory VDB Entry |
| https://vuldb.com/vuln/360910 | Third Party Advisory VDB Entry |
| https://vuldb.com/vuln/360910/cti | Permissions Required VDB Entry |
Configurations
History
06 May 2026, 20:27
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:osrg:gobgp:*:*:*:*:*:*:*:* | |
| First Time |
Osrg gobgp
Osrg |
|
| References | () https://github.com/osrg/gobgp/ - Product | |
| References | () https://github.com/osrg/gobgp/commit/51ad1ada06cb41ce47b7066799981816f50b7ced - Patch | |
| References | () https://github.com/osrg/gobgp/releases/tag/v4.4.0 - Patch, Product | |
| References | () https://vuldb.com/submit/807600 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/vuln/360910 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/vuln/360910/cti - Permissions Required, VDB Entry |
04 May 2026, 06:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-05-04 06:16
Updated : 2026-05-06 20:27
NVD link : CVE-2026-7735
Mitre link : CVE-2026-7735
CVE.ORG link : CVE-2026-7735
JSON object : View
Products Affected
osrg
- gobgp