CVE-2026-7737: Out-of-Bounds Read in osrg GoBGP
A vulnerability was identified in osrg GoBGP up to version 4.3.0. The affected functions are BMPPeerUpNotification.ParseBody and BMPStatisticsReport.ParseBody in the file pkg/packet/bmp/bmp.go of the BMP Parser component. Manipulated input leads to an out-of-bounds read. The attack can be initiated remotely. Upgrading to version 4.4.0 resolves the issue; the fix is commit bc77597d42335c78464bc8e15a471d887bbdf260. Upgrading the affected component is recommended.
AI Analysis (machine-generated threat intelligence)
Technical Summary
This vulnerability is an out-of-bounds read in the BMP Parser component of osrg GoBGP (up to version 4.3.0), specifically in the BMPPeerUpNotification.ParseBody and BMPStatisticsReport.ParseBody functions in pkg/packet/bmp/bmp.go. A remote attacker can trigger the out-of-bounds read, which the advisory describes as potentially leading to memory corruption or information disclosure. Note that in Go an out-of-range slice index raises a runtime panic rather than silently reading adjacent memory, so the most likely practical effect is a crash of the process parsing the BMP message. The problem is fixed in version 4.4.0 by commit bc77597d42335c78464bc8e15a471d887bbdf260.
Potential Impact
The out-of-bounds read can be triggered remotely without authentication and may lead to memory access violations. The exact impact is not detailed, but such vulnerabilities can cause application crashes or potentially expose sensitive information. The CVSS score of 6.9 corresponds to medium severity.
Mitigation Recommendations
Upgrading the affected GoBGP component to version 4.4.0 is the recommended remediation. The fix is commit bc77597d42335c78464bc8e15a471d887bbdf260. No other mitigations or temporary workarounds are indicated.
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-05-03T16:16:33.784Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69f83e68cbff5d8610c9d5b0
Added to database: 5/4/2026, 6:36:24 AM
Last enriched: 5/4/2026, 6:51:49 AM
Last updated: 5/4/2026, 7:36:55 AM