Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
8DescriptionCVE.org
A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this issue. This patch is called 76d911046344a3923cbe573364197aa081944592. It is suggested to upgrade the affected component.
AnalysisAI
Integer underflow in osrg GoBGP up to version 4.3.0 allows remote attackers to trigger a crash or information disclosure via crafted MRT (Multi-Threaded Routing Toolkit) packet data in the parseRibEntry function. The vulnerability arises from improper bounds checking when processing RIB (Routing Information Base) entries, enabling network-based exploitation without authentication. Vendor-released patch version 4.4.0 addresses this issue; no active exploitation has been confirmed at time of analysis.
Technical ContextAI
The vulnerability exists in the MRT packet parsing logic within pkg/packet/mrt/mrt.go, specifically in the parseRibEntry function which processes BGP route information from MRT-formatted files or network streams. MRT is a standard binary format for storing BGP routing information used for monitoring and analysis. The root cause is CWE-191 (Integer Underflow or Wrap-around), where the code performs arithmetic subtraction on unsigned integers (uint16 attrLen) without first verifying that the minuend is greater than or equal to the subtrahend. The commit diff shows the fix adds a length check before parsing attributes and validates that individual path attribute lengths do not exceed the remaining attribute buffer, preventing the underflow condition that would lead to memory access violations or integer wrap-around.
RemediationAI
Upgrade osrg GoBGP to version 4.4.0 or later, which includes commit 76d911046344a3923cbe573364197aa081944592 that adds proper bounds checking in the parseRibEntry function. For organizations unable to immediately patch, restrict network access to GoBGP instances that process MRT data from untrusted sources by implementing network segmentation and firewall rules to limit which hosts can send MRT packets or files to GoBGP daemons. Disable MRT logging or RIB export features if not actively required for monitoring purposes. Monitor GoBGP process logs and system logs for crashes or unusual memory access patterns that might indicate exploitation attempts. Test patches in non-production environments before deployment to verify compatibility with existing BGP configurations and monitoring tools that may depend on GoBGP output formats.
Same weakness CWE-191 – Integer Underflow
View allSame technique Integer Overflow
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26916