CVE-2026-7736
MEDIUM
6,9
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
HIGH
7,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: low
HIGH
7,5
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial
Description
AI Translation Available
A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this issue. This patch is called 76d911046344a3923cbe573364197aa081944592. It is suggested to upgrade the affected component.
191
Integer Underflow (Wrap or Wraparound)
DraftCommon Consequences
Security Scopes Affected:
Availability
Integrity
Confidentiality
Access Control
Potential Impacts:
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Dos: Instability
Modify Memory
Execute Unauthorized Code Or Commands
Bypass Protection Mechanism
Applicable Platforms
Languages:
C, C#, C++, Java
https://github.com/osrg/gobgp/
https://github.com/osrg/gobgp/commit/76d911046344a3923cbe573364197aa081944592
https://github.com/osrg/gobgp/releases/tag/v4.4.0
https://vuldb.com/submit/807604
https://vuldb.com/vuln/360911
https://vuldb.com/vuln/360911/cti