PT-2026-29060 · Osrg · Gobgp
Sunxj · Published 2026-01-01 · Updated 2026-03-31 · CVE-2026-5124
CVSS v4.0: 6.3 (Medium)
| Vector | AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
osrg GoBGP versions through 4.3.0
Description
A security issue has been identified in osrg GoBGP. The BGPHeader.DecodeFromBytes function within the BGP Header Handler component, located in the file pkg/packet/bgp/bgp.go, is susceptible to improper access controls. Remote exploitation is possible, and the attack is considered to have high complexity with difficult exploitability.
Recommendations
Deploy the patch with identifier f0f24a2a901cbf159260698211ab15c583ced131.
Fix
Incorrect Privilege Assignment
Improper Access Control
Related identifiers
Affected products
Gobgp