


Perceptive Security
SOC/SIEM Consultancy

An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a…
Published:
2 June 2026 at 22:00:00
Alert date:
3 June 2026 at 20:02:27
Source:
nvd.nist.gov
Network Infrastructure
An integer underflow vulnerability has been discovered in the BGPUpdate.DecodeFromBytes function of gobgp version 4.3.0. The vulnerability exists in the /bgp/bgp.go file and can be exploited by attackers through crafted BGP UPDATE messages. Successful exploitation leads to Denial of Service conditions. This affects the BGP routing protocol implementation in the gobgp software package. The vulnerability has been assigned CVE-2026-37462 and appears to have a fix available in the project's GitHub repository.
Technical details
Mitigation steps:
Affected products:
gobgp
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-37462
https://github.com/osrg/gobgp/blob/v4.3.0/pkg/packet/bgp/bgp.go
https://github.com/osrg/gobgp/commit/9ce8936672ebc07df524da77fa4c6ae26d92be6d
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
