PT-2026-29028 · Osrg · Gobgp
Rensiru · Published 2026-01-01 · Updated 2026-04-08 · CVE-2026-5122
CVSS v4.0: 6.3 (Medium)
| Vector | AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
osrg GoBGP versions through 4.3.0
Description
A security issue exists in osrg GoBGP up to version 4.3.0. The issue resides in the DecodeFromBytes function within the pkg/packet/bgp/bgp.go file, specifically in the BGP OPEN Message Handler component. Manipulation of the domainNameLen argument can lead to improper access controls. The attack can be initiated remotely and requires a high degree of complexity, with exploitability reported as difficult.
Recommendations
Install the patch 2b09db390a3d455808363c53e409afe6b1b86d2d to address this issue.
Fix
Incorrect Privilege Assignment
Improper Access Control
Related Identifiers
Affected Products
Gobgp