PT-2026-36763 · Osrg+1 · Gobgp+1

Rensiru

Published

2026-05-04

Updated

2026-06-03

CVE-2026-7734

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions osrg GoBGP versions prior to 4.4.0

Description A remote denial of service can occur in the SRv6 L3 Service component. The issue exists within the SRv6L3ServiceAttribute.DecodeFromBytes() function located in the pkg/packet/bgp/prefix sid.go file, where manipulation of the argument data triggers the failure.

Recommendations Update to version 4.4.0.

Fix

DoS

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

CVE-2026-7734

GHSA-VM3G-8XWV-MXFP

USN-8348-1

Affected Products

Gobgp

Ubuntu

PT-2026-36763 · Osrg+1 · Gobgp+1

CVE-2026-7734

Weakness Enumeration

Related Identifiers

Affected Products

References · 22