osrg GoBGP
cpe:2.3:a:osrg:gobgp:*:*:*:*:*:*:*
- <= 4.3.0
A buffer overflow vulnerability has been identified in osrg GoBGP versions through 4.3.0. The issue is in the AIGP Attribute Parser, specifically the PathAttributeAigp.DecodeFromBytes function in pkg/packet/bgp/bgp.go. It can be exploited remotely: manipulated input to the AIGP path attribute parser leads to a buffer overflow condition.
Exploitation of this vulnerability causes a buffer overflow, which can potentially be used to execute arbitrary code or cause a denial-of-service condition by crashing the application.
Users can upgrade to GoBGP version 4.4.0 or later to address this vulnerability. Version 4.4.0 is available as a binary release and can be downloaded from the GoBGP GitHub Releases page.
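The length checks an AIGP TLV parser needs, shown as an added Go example that is not GoBGP's code or its fix. It follows the RFC 7311 TLV layout (1-octet type, 2-octet length covering the whole TLV, 8-octet metric for type 1); the name parseAIGPMetric, the error value and the sample bytes are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// AIGP TLV layout per RFC 7311: Type (1 octet), Length (2 octets, counts
// the whole TLV including Type and Length), Value (Length-3 octets).
const (
	aigpTLVHeaderLen = 3
	aigpTLVTypeAIGP  = 1
	aigpTLVLenAIGP   = 11 // 3-octet header + 8-octet metric
)

var errMalformedAIGP = errors.New("malformed AIGP attribute") // hypothetical name

// parseAIGPMetric (hypothetical helper) walks the TLVs in an AIGP attribute
// value and returns the metric from the first AIGP TLV. Every declared length
// is checked against the bytes actually remaining before any slice is taken.
func parseAIGPMetric(data []byte) (uint64, bool, error) {
	for len(data) > 0 {
		if len(data) < aigpTLVHeaderLen {
			return 0, false, fmt.Errorf("%w: truncated TLV header", errMalformedAIGP)
		}
		typ := data[0]
		tlvLen := int(binary.BigEndian.Uint16(data[1:3]))
		if tlvLen < aigpTLVHeaderLen || tlvLen > len(data) {
			return 0, false, fmt.Errorf("%w: TLV length %d, %d bytes left", errMalformedAIGP, tlvLen, len(data))
		}
		if typ == aigpTLVTypeAIGP {
			if tlvLen != aigpTLVLenAIGP {
				return 0, false, fmt.Errorf("%w: AIGP TLV length %d", errMalformedAIGP, tlvLen)
			}
			return binary.BigEndian.Uint64(data[aigpTLVHeaderLen:tlvLen]), true, nil
		}
		data = data[tlvLen:] // skip a TLV type we do not interpret
	}
	return 0, false, nil
}

func main() {
	// Constructed sample inputs, not captured traffic.
	good := []byte{1, 0, 11, 0, 0, 0, 0, 0, 0, 0, 100}
	short := []byte{1, 0, 11, 0, 0} // declares 11 bytes, carries 5
	fmt.Println(parseAIGPMetric(good))
	fmt.Println(parseAIGPMetric(short))
}
```

A parser written this way returns an error for a malformed attribute instead of indexing past the end of the slice, so the caller can treat the UPDATE as malformed rather than crash.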