Gobgp

8 CVEs product

Monthly

CVE-2026-7735 MEDIUM PATCH This Month

Buffer overflow in GoBGP's AIGP Attribute Parser allows remote unauthenticated attackers to manipulate the PathAttributeAigp.DecodeFromBytes function via malformed BGP UPDATE messages, potentially causing memory corruption. Versions up to 4.3.0 are affected. GoBGP 4.4.0 includes a vendor-released patch that adds proper bounds checking and validation of TLV length fields.

Buffer Overflow Gobgp
NVD VulDB GitHub
CVSS 4.0: 6.9
EPSS: 0.1%
CVE-2026-5124 MEDIUM PATCH This Month

Improper access controls in osrg GoBGP up to version 4.3.0 allow remote attackers to bypass authentication via manipulation of the BGP Header Handler's DecodeFromBytes function. The vulnerability affects the BGP packet parsing mechanism and enables unauthorized modifications to BGP protocol state without requiring authentication. With a CVSS score of 3.7 and high attack complexity, exploitation is difficult but possible over the network; no public exploit code or active exploitation has been confirmed.

Authentication Bypass Gobgp
NVD VulDB GitHub
CVSS 4.0: 6.3
EPSS: 0.0%
CVE-2026-5123 MEDIUM PATCH This Month

Denial of service in osrg GoBGP up to version 4.3.0 via an off-by-one error in the DecodeFromBytes function allows remote, unauthenticated attackers to crash the BGP daemon through manipulation of packet data, resulting in availability impact. The vulnerability requires high attack complexity and is difficult to exploit; no public exploit code or active exploitation is currently confirmed, and a patch is available from the vendor.

Information Disclosure Gobgp
NVD VulDB GitHub
CVSS 4.0: 6.3
EPSS: 0.0%
CVE-2026-5122 MEDIUM PATCH This Month

Improper access control in osrg GoBGP up to 4.3.0 allows remote attackers to manipulate the domainNameLen parameter in BGP OPEN Message processing, resulting in integrity compromise through the DecodeFromBytes function. The vulnerability requires high attack complexity and has low real-world risk despite a network-accessible attack vector; no public exploit code or confirmed active exploitation has been identified. A vendor patch is available via upstream commit 2b09db390a3d455808363c53e409afe6b1b86d2d.

Authentication Bypass Gobgp
NVD VulDB GitHub
CVSS 4.0: 6.3
EPSS: 0.0%
CVE-2025-43973 Go MEDIUM PATCH This Month

An issue was discovered in GoBGP before 3.35.0. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable and requires no authentication.

Information Disclosure Suse Gobgp
NVD GitHub
CVSS 3.1: 6.8
EPSS: 0.1%
CVE-2025-43972 Go MEDIUM PATCH This Month

An issue was discovered in GoBGP before 3.35.0. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable and requires no authentication.

Denial Of Service Suse Gobgp
NVD GitHub
CVSS 3.1: 6.8
EPSS: 0.1%
CVE-2025-43971 Go HIGH PATCH This Week

An issue was discovered in GoBGP before 3.35.0. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity.

Information Disclosure Suse Gobgp
NVD GitHub
CVSS 3.1: 8.6
EPSS: 0.1%
CVE-2025-43970 Go MEDIUM PATCH This Month

An issue was discovered in GoBGP before 3.35.0. Rated medium severity (CVSS 4.3), this vulnerability requires no authentication and has low attack complexity.

Information Disclosure Suse Gobgp
NVD GitHub
CVSS 3.1: 4.3
EPSS: 0.1%
