CVE-2026-5122

medium

Description

A security flaw has been discovered in osrg GoBGP up to 4.3.0. It affects the function DecodeFromBytes in the file pkg/packet/bgp/bgp.go, part of the BGP OPEN Message Handler component. Manipulating the argument domainNameLen results in improper access controls. The attack can be initiated remotely, but it requires a high degree of complexity, and exploitability is reported as difficult. The patch is identified as 2b09db390a3d455808363c53e409afe6b1b86d2d. Applying it is the suggested way to address this issue.

References

https://vuldb.com/vuln/354154/cti

https://vuldb.com/vuln/354154

https://vuldb.com/submit/780124

https://github.com/osrg/gobgp/pull/3343

https://github.com/osrg/gobgp/commit/2b09db390a3d455808363c53e409afe6b1b86d2d

https://github.com/osrg/gobgp/

Details

Source: Mitre, NVD

Published: 2026-03-30

Updated: 2026-04-01

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 3.7

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Low

CVSS v4

Base Score: 6.3

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00033