CVE-2026-7737
osrg GoBGP BMP Parser bmp.go BMPStatisticsReport.ParseBody out-of-bounds
| CVSS Score | 5.3 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
A vulnerability was identified in osrg GoBGP up to 4.3.0. It affects the functions BMPPeerUpNotification.ParseBody and BMPStatisticsReport.ParseBody in the file pkg/packet/bmp/bmp.go of the BMP Parser component. Manipulated input leads to an out-of-bounds read. The attack can be initiated remotely. Upgrading to version 4.4.0 resolves this issue and is recommended. The identifier of the patch is bc77597d42335c78464bc8e15a471d887bbdf260.
| CWE | CWE-125, CWE-119 |
| Vendor | osrg |
| Product | gobgp |
| Published | May 4, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | None |
| Availability | Low |
Affected Versions
osrg / GoBGP
4.0, 4.1, 4.2, 4.3.0
References
vuldb.com: https://vuldb.com/vuln/360912
vuldb.com: https://vuldb.com/vuln/360912/cti
vuldb.com: https://vuldb.com/submit/807605
github.com: https://github.com/osrg/gobgp/commit/bc77597d42335c78464bc8e15a471d887bbdf260
github.com: https://github.com/osrg/gobgp/releases/tag/v4.4.0
github.com: https://github.com/osrg/gobgp/
Credits
Sunxj (VulDB User)