Vulnerability Description
A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading to version 4.4.0 is able to address this issue. The patch is named 51ad1ada06cb41ce47b7066799981816f50b7ced. The affected component should be upgraded.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Osrg | Gobgp | < 4.4.0 |
Related Weaknesses (CWE)
References
- https://github.com/osrg/gobgp/Product
- https://github.com/osrg/gobgp/commit/51ad1ada06cb41ce47b7066799981816f50b7cedPatch
- https://github.com/osrg/gobgp/releases/tag/v4.4.0PatchProduct
- https://vuldb.com/submit/807600Third Party AdvisoryVDB Entry
- https://vuldb.com/vuln/360910Third Party AdvisoryVDB Entry
- https://vuldb.com/vuln/360910/ctiPermissions RequiredVDB Entry
FAQ
What is CVE-2026-7735?
CVE-2026-7735 is a vulnerability with a CVSS score of 7.3 (HIGH). A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a m...
How severe is CVE-2026-7735?
CVE-2026-7735 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-7735?
Check the references section above for vendor advisories and patch information. Affected products include: Osrg Gobgp.