PT-2026-36831 · Gobgp · Gobgp

Tomonori Fujita · Published 2026-05-04 · Updated 2026-05-11 · CVE-2026-37461

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

gobgp version 4.3.0

Description

An out-of-bounds read in the ParseIP6Extended() function within the '/bgp/bgp.go' file allows attackers to cause a Denial of Service (DoS) by supplying a crafted BGP UPDATE message.

Recommendations

As a temporary workaround, consider restricting the processing of BGP UPDATE messages that trigger the ParseIP6Extended() function until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2026-37461
GHSA-WMVJ-F67G-QG4G

Affected Products

Gobgp