Buffer Overflow Vulnerability in GoBGP by osrg
CVE-2026-7735

6.9 MEDIUM

Key Information:

Vendor

Osrg

Status
Vendor
CVE Published: 4 May 2026

What is CVE-2026-7735?

A buffer overflow vulnerability exists in the PathAttributeAigp.DecodeFromBytes function of the AIGP Attribute Parser in GoBGP versions up to 4.3.0. The flaw can potentially be exploited remotely: an attacker who manipulates the input data can cause unexpected behavior in the application. Affected users are advised to upgrade to version 4.4.0, which addresses the issue in commit 51ad1ada06cb41ce47b7066799981816f50b7ced.

Affected Version(s)

GoBGP 4.0

GoBGP 4.1

GoBGP 4.2

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

rensiru (VulDB User)