2464870 – (CVE-2026-7737) CVE-2026-7737 github.com/osrg/gobgp: osrg GoBGP: Denial of service via out-of-bounds read in BMP Parser

Bug 2464870 (CVE-2026-7737) - CVE-2026-7737 github.com/osrg/gobgp: osrg GoBGP: Denial of service via out-of-bounds read in BMP Parser

Summary: CVE-2026-7737 github.com/osrg/gobgp: osrg GoBGP: Denial of service via out-of...

Keywords:
Status:	NEW
Alias:	CVE-2026-7737
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2480847
Blocks:
TreeView+	depends on / blocked

Reported:	2026-05-04 07:02 UTC by OSIDB Bzimport
Modified:	2026-06-02 08:29 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-05-04 07:02:14 UTC

A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated remotely. Upgrading to version 4.4.0 can resolve this issue. The identifier of the patch is bc77597d42335c78464bc8e15a471d887bbdf260. Upgrading the affected component is recommended.

Note You need to log in before you can comment on or make changes to this bug.