osrg GoBGP BMP Parser bmp.go BMPStatisticsReport.ParseBody out-of-bounds_CVE-2026-7737

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X

Description

A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated remotely. Upgrading to version 4.4.0 can resolve this issue. The identifier of the patch is bc77597d42335c78464bc8e15a471d887bbdf260. Upgrading the affected component is recommended.

Basic Information

ID CVE-2026-7737

Source VulDB

Published May 4, 2026 at 05:45

Affected Product

Vendor osrg

Product GoBGP

Version 4.0

Affected Versions osrg GoBGP 4.0
osrg GoBGP 4.1
osrg GoBGP 4.2
osrg GoBGP 4.3.0

CWE Classification

CWE-125 CWE-119

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated remotely. Upgrading to version 4.4.0 can resolve this issue. The identifier of the patch is bc77597d42335c78464bc8e15a471d887bbdf260. Upgrading the affected component is recommended.",
    "published": "2026-05-04T05:45:12.716Z",
    "modified": "2026-05-04T05:45:12.716Z",
    "type": "cve",
    "title": "osrg GoBGP BMP Parser bmp.go BMPStatisticsReport.ParseBody out-of-bounds",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360912\nhttps://vuldb.com/vuln/360912/cti\nhttps://vuldb.com/submit/807605\nhttps://github.com/osrg/gobgp/commit/bc77597d42335c78464bc8e15a471d887bbdf260\nhttps://github.com/osrg/gobgp/releases/tag/v4.4.0\nhttps://github.com/osrg/gobgp/",
    "id": "CVE-2026-7737",
    "bulletinFamily": "",
    "cwe": [
        "CWE-125",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "osrg GoBGP 4.0\nosrg GoBGP 4.1\nosrg GoBGP 4.2\nosrg GoBGP 4.3.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GoBGP",
    "version": "4.0",
    "vendor": "osrg",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}