CVE-2026-30405
Received - Intake
Denial of Service in GoBGP v4.2.0 via NEXT_HOP Attribute

Publication date: 2026-03-16

Last updated on: 2026-04-07

Assigner: MITRE

Description
An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute.
Meta Information
Published: 2026-03-16
Last Modified: 2026-04-07
Generated: 2026-05-07
AI Q&A: 2026-03-16
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: osrg
Product: gobgp
Version / Range: 4.2.0
CWE ID: CWE-400
Description: The product does not properly control the allocation and maintenance of a limited resource.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-30405 is a vulnerability in GoBGP version 4.2.0 where a remote attacker can send a malformed BGP UPDATE message containing a NEXT_HOP path attribute with an invalid length less than 4 bytes.

According to the BGP protocol standard (RFC 4271), the NEXT_HOP attribute must have a length of exactly 4 bytes. However, GoBGP improperly accepts and partially processes messages where this length is less than 4, leading to misaligned parsing of path attributes.

This causes an out-of-bounds access and a runtime panic during attribute validation, specifically in the ValidateAttribute function, which crashes the GoBGP daemon.

The root cause is that GoBGP constructs a PathAttributeNextHop object despite the invalid length, resulting in an inconsistent internal state and subsequent panic during AS_PATH validation.

The vulnerability can be triggered by establishing an EBGP session and sending a BGP UPDATE message with a NEXT_HOP attribute length less than 4 bytes.


How can this vulnerability impact me?

This vulnerability can cause a denial of service (DoS) by crashing the GoBGP daemon when it receives a malformed BGP UPDATE message with an invalid NEXT_HOP attribute length.

The crash occurs due to a runtime panic triggered by out-of-bounds access during attribute validation, which disrupts the normal operation of the BGP routing process.

As a result, network routing managed by GoBGP may be interrupted, potentially causing loss of connectivity or degraded network performance until the service is restored.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for GoBGP daemon crashes or panics related to the NEXT_HOP path attribute processing. Specifically, look for panic error messages indicating an "index out of range" during BGP UPDATE message validation.

To reproduce or detect the issue, establish an EBGP session with the affected GoBGP version (4.2.0) in the BGP_FSM_ESTABLISHED state and send a BGP UPDATE message containing a NEXT_HOP attribute with a length less than 4 bytes (e.g., 0, 1, 2, or 3).

While specific commands are not provided, network operators can use BGP testing tools or packet crafting utilities (such as Scapy) to send malformed BGP UPDATE messages with invalid NEXT_HOP attribute lengths to test if the GoBGP process panics. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves preventing the GoBGP daemon from processing malformed BGP UPDATE messages with NEXT_HOP attributes of invalid length.

Since the vulnerability arises from improper length validation, applying patches or updates that add strict length checks for the NEXT_HOP attribute during parsing or validation is recommended.

Until a patch is available, consider implementing network-level filtering to block or drop BGP UPDATE messages with NEXT_HOP attributes shorter than 4 bytes to avoid triggering the panic and daemon crash.

Monitoring the GoBGP process for crashes and restarting it promptly can also help maintain service availability while mitigation is applied.
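
The strict length check recommended above, as an added Go example (not GoBGP's code or its patch): it walks the Path Attributes field of an UPDATE and rejects any NEXT_HOP whose length is not exactly 4 before a value is built from it. The function name, error names and sample bytes are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const flagExtLen, typeNextHop = 0x10, 3 // Extended Length flag bit; NEXT_HOP type code (RFC 4271)

var (
	ErrTruncated  = errors.New("path attribute truncated")
	ErrNextHopLen = errors.New("NEXT_HOP length must be exactly 4")
	// Constructed samples: ORIGIN (IGP) followed by NEXT_HOP.
	goodAttrs = []byte{0x40, 1, 1, 0, 0x40, 3, 4, 192, 0, 2, 1}
	badAttrs  = []byte{0x40, 1, 1, 0, 0x40, 3, 2, 192, 0} // NEXT_HOP length 2
)

// CheckPathAttrs validates attribute framing and returns the NEXT_HOP value, if any.
func CheckPathAttrs(b []byte) ([]byte, error) {
	var nextHop []byte
	for len(b) > 0 {
		if len(b) < 3 { // flags + type + one-byte length
			return nil, ErrTruncated
		}
		hdr, alen := 3, int(b[2])
		if b[0]&flagExtLen != 0 { // two-byte length field
			if len(b) < 4 {
				return nil, ErrTruncated
			}
			hdr, alen = 4, int(binary.BigEndian.Uint16(b[2:4]))
		}
		if len(b) < hdr+alen { // declared length runs past the buffer
			return nil, ErrTruncated
		}
		if b[1] == typeNextHop {
			if alen != 4 { // reject here instead of building a short object
				return nil, fmt.Errorf("%w (got %d)", ErrNextHopLen, alen)
			}
			nextHop = b[hdr : hdr+alen]
		}
		b = b[hdr+alen:]
	}
	return nextHop, nil
}

func main() {
	_, err := CheckPathAttrs(badAttrs)
	fmt.Println("malformed UPDATE rejected:", err)
}
```

A receiver that gets this error should treat the UPDATE as malformed and handle it through its normal error path rather than continuing to validate the remaining attributes.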

