Detections
Analytics

CVE-2026-7735

medium

Description

A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading to version 4.4.0 is able to address this issue. The patch is named 51ad1ada06cb41ce47b7066799981816f50b7ced. The affected component should be upgraded.

References

https://vuldb.com/vuln/360910/cti

https://vuldb.com/vuln/360910

https://vuldb.com/submit/807600

https://github.com/osrg/gobgp/releases/tag/v4.4.0

https://github.com/osrg/gobgp/commit/51ad1ada06cb41ce47b7066799981816f50b7ced

https://github.com/osrg/gobgp/

Details

Source: Mitre, NVD

Published: 2026-05-04

Updated: 2026-05-05

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: High

CVSS v4

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00058