Package impact
Go / github.com/osrg/gobgp/v4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42285 | high | 7.5 | 7.5 | 22d ago | GoBGP has a panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference) | |||
| CVE-2026-41643 | high | 7.5 | 7.5 | 22d ago | GoBGP has Remote Denial of Service (Panic) in UpdatePathAttrs4ByteAs via Malformed BGP UPDATE | |||
| CVE-2026-41642 | high | 7.5 | 7.5 | 22d ago | GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute | |||
| CVE-2026-37461 | high | 7.5 | 7.5 | 25d ago | GoBGP has an out-of-bounds read in the ParseIP6Extended function | |||
| CVE-2026-7736 | high | 7.5 | 7.5 | 26d ago | GoBGP has an Integer Underflow Issue | |||
| CVE-2026-7734 | high | 7.5 | 7.5 | 26d ago | GoBGP has an Improper Resource Shutdown or Release | |||
| CVE-2026-30405 | unknown | — | — | 2mo ago | An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute |