What is GHSA-pw7p-7fqv-hpj8?

GHSA-pw7p-7fqv-hpj8 is a security advisory published by GitHub Security Advisories with High severity. An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/bgp.go) of gobgp v4.3.0...

Which CVE IDs does GHSA-pw7p-7fqv-hpj8 cover?

GHSA-pw7p-7fqv-hpj8 covers the following CVE IDs: CVE-2026-37462. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-pw7p-7fqv-hpj8?

GHSA-pw7p-7fqv-hpj8 has a CVSS v3 base score of 7.3, published by GitHub Security Advisories.

GHSA-pw7p-7fqv-hpj8HighCVSS 7.3

An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/bgp.go) of gobgp v4.3.0...

Vendor

GitHub Security Advisories

Published

June 3, 2026

Last Modified

June 3, 2026

🔗 CVE IDs covered (1)

CVE-2026-37462 →

📋 Description

An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-37462
https://github.com/osrg/gobgp/commit/9ce8936672ebc07df524da77fa4c6ae26d92be6d
https://github.com/osrg/gobgp/blob/v4.3.0/pkg/packet/bgp/bgp.go
https://github.com/advisories/GHSA-pw7p-7fqv-hpj8