PT-2026-36779 · Osrg+1 · Gobgp+1
Sunxj · Published 2026-05-04 · Updated 2026-06-03 · CVE-2026-7736
CVSS v3.1: 7.5 High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
osrg GoBGP versions prior to 4.4.0
Description
A remote attack can be launched against the parseRibEntry() function in the pkg/packet/mrt/mrt.go file, which may lead to an integer underflow. Integer underflow occurs when an arithmetic operation attempts to create a numeric value smaller than the minimum value the variable can store.
Recommendations
Update to version 4.4.0.
As a temporary workaround, restrict access to the parseRibEntry() function to minimize the risk of exploitation.
Fix
Integer Underflow
Related Identifiers
Affected Products
Gobgp
Ubuntu