CVE-2026-5123

Name of the Vulnerable Software and Affected Versions osrg GoBGP versions through 4.3.0

Description A weakness exists in the DecodeFromBytes function within the pkg/packet/bgp/bgp.go file of osrg GoBGP. Manipulating the data[1] argument can lead to an off-by-one error. The attack can be launched remotely and is considered highly complex with difficult exploitability. The identified patch is 67c059413470df64bc20801c46f64058e88f800f.

Recommendations Apply the patch 67c059413470df64bc20801c46f64058e88f800f to address the issue.