CVE-2026-7735

HIGH

osrg GoBGP AIGP Attribute bgp.go PathAttributeAigp.DecodeFromBytes buffer overflow

Title source: cna

Description

A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading to version 4.4.0 is able to address this issue. The patch is named 51ad1ada06cb41ce47b7066799981816f50b7ced. The affected component should be upgraded.

References (6)

Core 6

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-360910 | osrg GoBGP AIGP Attribute bgp.go PathAttributeAigp.DecodeFromBytes buffer overflow

https://vuldb.com/vuln/360910

Signature, Permissions Required signature permissions-required

VDB-360910 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/vuln/360910/cti

Third Party Advisory third-party-advisory

Submit #807600 | GoBGP 4.3.0 Improper Input Validation

https://vuldb.com/submit/807600

Patch patch

https://github.com/osrg/gobgp/commit/51ad1ada06cb41ce47b7066799981816f50b7ced

View Patch ZIP pw:eip

Patch patch

https://github.com/osrg/gobgp/releases/tag/v4.4.0

Product product

https://github.com/osrg/gobgp/

Scores

CVSS v3 7.3

EPSS 0.0006

EPSS Percentile 17.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-119 CWE-120

Status published

Products (5)

osrg/GoBGP 4.0

osrg/GoBGP 4.1

osrg/GoBGP 4.2

osrg/GoBGP 4.3.0

osrg/GoBGP 4.4.0

Published May 04, 2026

Tracked Since May 04, 2026