Description
A vulnerability was found in osrg GoBGP up to 4.3.0. It affects the function parseRibEntry in the file pkg/packet/mrt/mrt.go. A manipulation leads to an integer underflow. The attack can be launched remotely. Upgrading to version 4.4.0 addresses this issue. The patch is identified as 76d911046344a3923cbe573364197aa081944592. Upgrading the affected component is recommended.
References (6)
Core References
Vdb Entry, Technical Description
VDB-360911 | osrg GoBGP mrt.go parseRibEntry integer underflow
https://vuldb.com/vuln/360911
Signature, Permissions Required
VDB-360911 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/360911/cti
Third Party Advisory
Submit #807604 | osrg GoBGP <= 4.3.0 Integer Underflow
https://vuldb.com/submit/807604
Product
https://github.com/osrg/gobgp/
Scores
CVSS v3: 7.3
EPSS: 0.0005
EPSS Percentile: 14.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-189, CWE-191
Status: published
Products (5)
osrg/GoBGP 4.0
osrg/GoBGP 4.1
osrg/GoBGP 4.2
osrg/GoBGP 4.3.0
osrg/GoBGP 4.4.0
Published: May 04, 2026
Tracked Since: May 04, 2026