CVE-2026-7737

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L                                    

Vulnerability Description

A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated remotely. Upgrading to version 4.4.0 can resolve this issue. The identifier of the patch is bc77597d42335c78464bc8e15a471d887bbdf260. Upgrading the affected component is recommended.

Vulnerability Details

Published Date

May 04, 2026

Last Modified

May 06, 2026

CWE ID

CWE-119

Source

NVD

Vendor

osrg

Product

gobgp

External References

https://github.com/osrg/gobgp/
https://github.com/osrg/gobgp/commit/bc77597d42335c78464bc8e15a471d887bbdf260
https://github.com/osrg/gobgp/releases/tag/v4.4.0
https://vuldb.com/submit/807605
https://vuldb.com/vuln/360912
https://vuldb.com/vuln/360912/cti

CVE-2026-7737

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment