CVE-2026-37461
Out-of-Bounds Read in GoBGP BGP UPDATE Message Handling
Publication date: 2026-05-04
Last updated on: 2026-05-05
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gobgp | gobgp | 4.3.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds read in the ParseIP6Extended function located in the /bgp/bgp.go file of gobgp version 4.3.0. It occurs when the function processes a crafted BGP UPDATE message, which can lead to unexpected behavior.
Specifically, the out-of-bounds read means the program reads data outside the allocated memory bounds, which is a programming error that can cause the program to crash or behave unpredictably.
How can this vulnerability impact me?
This vulnerability can be exploited by attackers to cause a Denial of Service (DoS) condition. By sending a specially crafted BGP UPDATE message, an attacker can trigger the out-of-bounds read, potentially crashing the gobgp service or making it unavailable.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in gobgp v4.3.0 allows an attacker to cause a Denial of Service (DoS) via a crafted BGP UPDATE message, which impacts availability but does not affect confidentiality or integrity of data.
Since the vulnerability leads to a DoS condition without compromising data confidentiality or integrity, its direct impact on compliance with standards like GDPR or HIPAA, which emphasize protection of personal data confidentiality and integrity, is limited.
However, availability is also a component of many security frameworks, and a DoS could affect service availability requirements under these regulations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an out-of-bounds read in the ParseIP6Extended function of gobgp v4.3.0 triggered by a crafted BGP UPDATE message. Detection would involve monitoring for malformed BGP UPDATE messages that attempt to exploit this parsing issue.
Specifically, malformed BGP UPDATE messages with incorrect section lengths (such as withdrawn route length or path attribute length underflows) can cause this issue.
To detect such attempts, you can capture and analyze BGP UPDATE messages on your network using packet capture tools like tcpdump or Wireshark, filtering for BGP traffic (TCP port 179).
- Use tcpdump to capture BGP packets: `tcpdump -i <interface> tcp port 179 -w bgp_capture.pcap`
- Analyze the captured packets in Wireshark, looking for malformed BGP UPDATE messages with suspiciously small or inconsistent length fields in withdrawn routes or path attributes.
Additionally, monitoring gobgp logs for errors related to BGP UPDATE message parsing failures or unexpected crashes could indicate exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update gobgp to a version that includes the security fixes addressing this vulnerability.
The fixes include adding proper bounds checks in the BGPUpdate.DecodeFromBytes function to reject malformed BGP UPDATE messages early, preventing the out-of-bounds read and potential denial of service.
If updating immediately is not possible, consider implementing network-level filtering to block suspicious or malformed BGP UPDATE messages from untrusted peers.
Also, monitor gobgp logs for any unusual errors or crashes that could indicate exploitation attempts.
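As an added example (not GoBGP's own code, and not the project's actual fix), the following Go function shows the kind of early length validation the mitigation above describes, applied to the inconsistent length fields the detection answer mentions: it checks the withdrawn-routes length, the total path attribute length, and each attribute's own length against the bytes actually present in a BGP UPDATE body before any attribute value is decoded. The function name and return shape are this example's own; the field layout follows RFC 4271.

```go
package main

import "encoding/binary"
import "fmt"

// ValidateUpdateBody checks every length field of a BGP UPDATE body (the bytes
// after the 19-byte header) before any attribute value is decoded. RFC 4271
// requires 4 + WithdrawnLen + AttrLen <= len(body); a message violating that,
// or carrying an attribute longer than the attribute section, is rejected
// here instead of being read past its end by a later attribute parser.
func ValidateUpdateBody(body []byte) (attrs, nlri []byte, err error) {
	if len(body) < 4 {
		return nil, nil, fmt.Errorf("update body shorter than 4 bytes")
	}
	wl := int(binary.BigEndian.Uint16(body[0:2]))
	if 4+wl > len(body) {
		return nil, nil, fmt.Errorf("withdrawn routes length %d overruns %d-byte body", wl, len(body))
	}
	al := int(binary.BigEndian.Uint16(body[2+wl : 4+wl]))
	if 4+wl+al > len(body) {
		return nil, nil, fmt.Errorf("path attribute length %d overruns %d-byte body", al, len(body))
	}
	attrs = body[4+wl : 4+wl+al]
	// Attribute header: flags, type code, then a 1-byte length, or a 2-byte
	// length when the extended-length flag (0x10) is set.
	for off := 0; off < len(attrs); {
		hdr := 3
		if attrs[off]&0x10 != 0 {
			hdr = 4
		}
		if len(attrs)-off < hdr {
			return nil, nil, fmt.Errorf("truncated attribute header at offset %d", off)
		}
		alen := int(attrs[off+2])
		if hdr == 4 {
			alen = int(binary.BigEndian.Uint16(attrs[off+2 : off+4]))
		}
		if off+hdr+alen > len(attrs) {
			return nil, nil, fmt.Errorf("attribute type %d length %d overruns attribute section", attrs[off+1], alen)
		}
		off += hdr + alen
	}
	return attrs, body[4+wl+al:], nil
}

func main() { // constructed sample: withdrawn length 0xffff in a 4-byte body
	_, _, err := ValidateUpdateBody([]byte{0xff, 0xff, 0x00, 0x00})
	fmt.Println("verdict:", err)
}
```

A real receiver would run a check like this before handing the attribute section to any per-attribute decoder, and log the rejection so that the malformed-message monitoring suggested above has something to alert on.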