github.com/osrg/gobgp/v4
Go
7 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/osrg/gobgp/v4
- CVE-2026-30405 | HIGH | CVSS 7.5 | EG 7.5 | 2026-03-16
An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute.
- CVE-2026-37461 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 4.4.0 | 2026-05-04
An out-of-bounds read in the ParseIP6Extended function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
- CVE-2026-41642 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 4.4.0 | 2026-05-07
vulnerable: 4.3.0
GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UP…
- CVE-2026-41643 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 4.3.0 | 2026-05-07
GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a …
- CVE-2026-42285 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 4.5.0 | 2026-05-07
vulnerable: 4.4.0
GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message.…
- CVE-2026-7734 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 4.4.0 | 2026-05-04
A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefix_sid.go of the component SRv6 L3 Service. Such manipulation of the argument data le…
- CVE-2026-7736 | HIGH | CVSS 7.3 | EG 7.3 | ✓ Fixed in 4.4.0 | 2026-05-04
A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the …