Executive Summary

CVE-2026-30405 is a vulnerability in GoBGP version 4.2.0 where a remote attacker can send a malformed BGP UPDATE message containing a NEXT_HOP path attribute with an invalid length less than 4 bytes.

According to the BGP protocol standard (RFC 4271), the NEXT_HOP attribute must have a length of exactly 4 bytes. However, GoBGP improperly accepts and partially processes messages where this length is less than 4, leading to misaligned parsing of path attributes.

This causes an out-of-bounds access and a runtime panic during attribute validation, specifically in the ValidateAttribute function, which crashes the GoBGP daemon.

The root cause is that GoBGP constructs a PathAttributeNextHop object despite the invalid length, resulting in an inconsistent internal state and subsequent panic during AS_PATH validation.

The vulnerability can be triggered by establishing an EBGP session and sending a BGP UPDATE message with a NEXT_HOP attribute length less than 4 bytes.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can cause a denial of service (DoS) by crashing the GoBGP daemon when it receives a malformed BGP UPDATE message with an invalid NEXT_HOP attribute length.

The crash occurs due to a runtime panic triggered by out-of-bounds access during attribute validation, which disrupts the normal operation of the BGP routing process.

As a result, network routing managed by GoBGP may be interrupted, potentially causing loss of connectivity or degraded network performance until the service is restored.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for GoBGP daemon crashes or panics related to the NEXT_HOP path attribute processing. Specifically, look for panic error messages indicating an "index out of range" during BGP UPDATE message validation.'}, {'type': 'paragraph', 'content': 'To reproduce or detect the issue, establish an EBGP session with the affected GoBGP version (4.2.0) in the BGP_FSM_ESTABLISHED state and send a BGP UPDATE message containing a NEXT_HOP attribute with a length less than 4 bytes (e.g., 0, 1, 2, or 3).'}, {'type': 'paragraph', 'content': 'While specific commands are not provided, network operators can use BGP testing tools or packet crafting utilities (such as Scapy) to send malformed BGP UPDATE messages with invalid NEXT_HOP attribute lengths to test if the GoBGP process panics.'}] [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation involves preventing the GoBGP daemon from processing malformed BGP UPDATE messages with NEXT_HOP attributes of invalid length.

Since the vulnerability arises from improper length validation, applying patches or updates that add strict length checks for the NEXT_HOP attribute during parsing or validation is recommended.

Until a patch is available, consider implementing network-level filtering to block or drop BGP UPDATE messages with NEXT_HOP attributes shorter than 4 bytes to avoid triggering the panic and daemon crash.

Monitoring the GoBGP process for crashes and restarting it promptly can also help maintain service availability while mitigation is applied.

Useful 0 Not Useful 0