Nixpkgs security tracker
Untriaged
Permalink
CVE-2026-7735
7.3 HIGH
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
Activity log
- Created suggestion
osrg GoBGP AIGP Attribute bgp.go PathAttributeAigp.DecodeFromBytes buffer overflow
A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading to version 4.4.0 is able to address this issue. The patch is named 51ad1ada06cb41ce47b7066799981816f50b7ced. The affected component should be upgraded.
References
-
VDB-360910 | osrg GoBGP AIGP Attribute bgp.go PathAttributeAigp.DecodeFromBytes buffer overflow vdb-entrytechnical-description
-
-
Submit #807600 | GoBGP 4.3.0 Improper Input Validation third-party-advisory
-
https://github.com/osrg/gobgp/ product
Affected products
GoBGP
- ==4.0
- ==4.3.0
- ==4.4.0
- ==4.2
- ==4.1
Matching in nixpkgs
pkgs.gobgp
CLI tool for GoBGP
Package maintainers
-
@higebu Yuya Kusakabe <yuya.kusakabe@gmail.com>