CVE-2026-7735

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L                                    

Vulnerability Description

A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading to version 4.4.0 is able to address this issue. The patch is named 51ad1ada06cb41ce47b7066799981816f50b7ced. The affected component should be upgraded.

Vulnerability Details

Published Date

May 04, 2026

Last Modified

May 06, 2026

CWE ID

CWE-119

Source

NVD

Vendor

osrg

Product

gobgp

External References

https://github.com/osrg/gobgp/
https://github.com/osrg/gobgp/commit/51ad1ada06cb41ce47b7066799981816f50b7ced
https://github.com/osrg/gobgp/releases/tag/v4.4.0
https://vuldb.com/submit/807600
https://vuldb.com/vuln/360910
https://vuldb.com/vuln/360910/cti

CVE-2026-7735

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment