Skip to main content

osrg GoBGP CVE-2026-7736

| EUVDEUVD-2026-26916 MEDIUM
Integer Underflow (CWE-191)
2026-05-04 VulDB
6.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Red Hat
7.5 HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

8
Source Code Evidence Fetched
May 04, 2026 - 07:30 vuln.today
Analysis Generated
May 04, 2026 - 07:30 vuln.today
Severity Changed
May 04, 2026 - 07:22 NVD
HIGH MEDIUM
CVSS changed
May 04, 2026 - 07:22 NVD
7.3 (HIGH) 6.9 (MEDIUM)
EUVD ID Assigned
May 04, 2026 - 07:00 euvd
EUVD-2026-26916
Analysis Generated
May 04, 2026 - 07:00 vuln.today
Patch released
May 04, 2026 - 07:00 nvd
Patch available
CVE Published
May 04, 2026 - 05:30 nvd
MEDIUM 6.9

DescriptionCVE.org

A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this issue. This patch is called 76d911046344a3923cbe573364197aa081944592. It is suggested to upgrade the affected component.

AnalysisAI

Integer underflow in osrg GoBGP up to version 4.3.0 allows remote attackers to trigger a crash or information disclosure via crafted MRT (Multi-Threaded Routing Toolkit) packet data in the parseRibEntry function. The vulnerability arises from improper bounds checking when processing RIB (Routing Information Base) entries, enabling network-based exploitation without authentication. Vendor-released patch version 4.4.0 addresses this issue; no active exploitation has been confirmed at time of analysis.

Technical ContextAI

The vulnerability exists in the MRT packet parsing logic within pkg/packet/mrt/mrt.go, specifically in the parseRibEntry function which processes BGP route information from MRT-formatted files or network streams. MRT is a standard binary format for storing BGP routing information used for monitoring and analysis. The root cause is CWE-191 (Integer Underflow or Wrap-around), where the code performs arithmetic subtraction on unsigned integers (uint16 attrLen) without first verifying that the minuend is greater than or equal to the subtrahend. The commit diff shows the fix adds a length check before parsing attributes and validates that individual path attribute lengths do not exceed the remaining attribute buffer, preventing the underflow condition that would lead to memory access violations or integer wrap-around.

RemediationAI

Upgrade osrg GoBGP to version 4.4.0 or later, which includes commit 76d911046344a3923cbe573364197aa081944592 that adds proper bounds checking in the parseRibEntry function. For organizations unable to immediately patch, restrict network access to GoBGP instances that process MRT data from untrusted sources by implementing network segmentation and firewall rules to limit which hosts can send MRT packets or files to GoBGP daemons. Disable MRT logging or RIB export features if not actively required for monitoring purposes. Monitor GoBGP process logs and system logs for crashes or unusual memory access patterns that might indicate exploitation attempts. Test patches in non-production environments before deployment to verify compatibility with existing BGP configurations and monitoring tools that may depend on GoBGP output formats.

Vendor StatusVendor

Share

CVE-2026-7736 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy