CVE-2026-5123

Medium CVSS: 6.3

A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go. Executing a manipulation of the argument data[1] can lead to off-by-one. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is said to be difficult. This patch is called 67c059413470df64bc20801c46f64058e88f800f. A patch should be applied to remediate this issue.

Vendor

Osrg

Product

Gobgp

CWE

CWE-189

Yayın Tarihi

2026-03-30 16:16:10

Güncelleme

2026-04-06 15:46:13

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-189 Gobgp MEDIUM Osrg 2026

Referanslar

https://github.com/osrg/gobgp/ https://github.com/osrg/gobgp/commit/67c059413470df64bc20801c46f64058e88f800f https://github.com/osrg/gobgp/pull/3342 https://vuldb.com/submit/780179 https://vuldb.com/vuln/354155 https://vuldb.com/vuln/354155/cti

Benzer Kayıtlar

Medium

CVE-2026-5124

A security vulnerability has been detected in osrg GoBGP up to 4.3.0. Affected is the function BGPHeader.DecodeFromBytes…

High

CVE-2026-30405

An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute

Medium

CVE-2025-43970

An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by…

High

CVE-2025-43971

An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value…

Medium

CVE-2025-43972

An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec pars…

Medium

CVE-2025-43973

An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds…