osrg GoBGP Out-of-Bounds Read Vulnerability in BMP Parser Component

Vulnerability

An out-of-bounds read vulnerability has been identified in osrg GoBGP versions up to and including 4.3.0. The issue lies in the BMP Parser component, specifically in the BMPPeerUpNotification.ParseBody and BMPStatisticsReport.ParseBody functions of pkg/packet/bmp/bmp.go. It can be triggered remotely by a peer sending a crafted BMP message, leading to potential memory access issues.

Impact

Exploitation of this vulnerability causes an out-of-bounds read, which can lead to memory access violations and potentially to further exploitation, such as arbitrary code execution or a denial-of-service condition.

Remediation

Users should upgrade to osrg GoBGP version 4.4.0 or later, which addresses this vulnerability. GoBGP 4.4.0 is available for download from the GoBGP GitHub Releases page.

Added: May 4, 2026, 7:26 AM
Updated: May 4, 2026, 7:26 AM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          3.4
impact          0.6
exploitability  8.2
remediation     7.7
relevance       7.4
threat          3.2
urgency         2.9
incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.