Out-of-Bounds Read Vulnerability in GoBGP's BMP Parser by osrg
CVE-2026-7737

6.9 MEDIUM

Key Information:

Vendor: Osrg

Status
Vendor
CVE Published: 4 May 2026

What is CVE-2026-7737?

The BMP parser in osrg's GoBGP contains an out-of-bounds read in the functions BMPPeerUpNotification.ParseBody and BMPStatisticsReport.ParseBody, affecting versions up to 4.3.0. A remote attacker can manipulate the data these functions parse so that they read out of bounds, potentially exposing sensitive information. Upgrade to version 4.4.0 or later to mitigate the risk; that release incorporates the patch identified by commit bc77597d42335c78464bc8e15a471d887bbdf260.
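The page does not show the affected code, so the following is an added illustration, not GoBGP's code or its patch: a length-checked parser for a BMP Statistics Report body as laid out in RFC 7854. The names `parseStatsBody`, `Stat` and `errTruncated` are hypothetical, and the sample bytes are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Stat is one counter from a BMP Statistics Report body (RFC 7854, section 4.8).
type Stat struct {
	Type uint16
	Data []byte
}
var errTruncated = errors.New("bmp: truncated statistics report")

// parseStatsBody (hypothetical helper) takes the bytes after the per-peer header:
// a 4-byte Stats Count, then per entry Type (2), Length (2) and Length data bytes.
func parseStatsBody(b []byte) ([]Stat, error) {
	if len(b) < 4 {
		return nil, errTruncated
	}
	count := binary.BigEndian.Uint32(b[:4])
	b = b[4:]
	// Every entry needs at least 4 bytes; reject counts the buffer cannot hold.
	if uint64(count)*4 > uint64(len(b)) {
		return nil, errTruncated
	}
	stats := make([]Stat, 0, count)
	for i := uint32(0); i < count; i++ {
		if len(b) < 4 { // entry header must be present before it is read
			return nil, errTruncated
		}
		typ := binary.BigEndian.Uint16(b[:2])
		n := int(binary.BigEndian.Uint16(b[2:4]))
		b = b[4:]
		if n > len(b) { // declared length must fit in what remains
			return nil, errTruncated
		}
		stats = append(stats, Stat{Type: typ, Data: b[:n]})
		b = b[n:]
	}
	return stats, nil
}

func main() {
	// Constructed sample: count=1, type=0, length=4, value=7.
	good := []byte{0, 0, 0, 1, 0, 0, 0, 4, 0, 0, 0, 7}
	fmt.Println(parseStatsBody(good))
	fmt.Println(parseStatsBody(good[:10])) // declared length exceeds remaining bytes
}
```

Each attacker-controlled count or length is compared against the remaining buffer before it is used as a slice bound, so a truncated or inconsistent message returns an error instead of indexing past the end.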

Affected Version(s)

GoBGP 4.0

GoBGP 4.1

GoBGP 4.2

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sunxj (VulDB User)