Skip to content
Threat Feed
medium advisory

GoBGP Remote Denial of Service via Malformed BGP UPDATE Message

A remote Denial of Service (DoS) vulnerability exists in GoBGP version 4.2.0 and earlier, where a malformed BGP UPDATE message can trigger a runtime error (index out of range panic), crashing the GoBGP process. This occurs during the processing of 4-byte AS attributes when the message structure causes an internal slice index shift that is not properly handled. A single malicious peer or a malformed route propagated through a transit provider can consistently crash the BGP daemon, leading to a complete loss of routing capabilities.

A remote Denial of Service vulnerability exists in GoBGP that can be triggered by a malformed BGP UPDATE message, specifically when handling 4-byte AS attributes. The vulnerability, identified as CVE-2026-41643, affects GoBGP version 4.2.0 and earlier. The attack involves sending a crafted BGP UPDATE message that causes an index-out-of-range panic in the UpdatePathAttrs4ByteAs function within internal/pkg/table/message.go. This panic results in the GoBGP process crashing, leading to a loss of routing capabilities. A malicious peer or a malformed route propagated through a transit provider can exploit this vulnerability to consistently crash the BGP daemon. This can disrupt network operations.

Attack Chain

  1. Attacker establishes a BGP peering session with a vulnerable GoBGP instance (version 4.2.0 or earlier).
  2. The attacker crafts a malicious BGP UPDATE message. This message contains both an AS_PATH (Type 2) and an AS4_PATH (Type 17) attribute.
  3. The crafted message orders the attributes such that the AS4_PATH appears before the AS_PATH.
  4. The AS4_PATH attribute is intentionally malformed to trigger a validation error.
  5. The GoBGP process attempts to remove the invalid AS4_PATH attribute from the msg.PathAttributes slice in the UpdatePathAttrs4ByteAs function.
  6. Removing the AS4_PATH causes subsequent attributes in the slice to shift left, altering their indices.
  7. The function attempts to access the AS_PATH attribute using a stale index (asAttrPos) calculated before the slice modification.
  8. Due to the index shift, accessing msg.PathAttributes[asAttrPos] results in an out-of-bounds access, triggering a panic and crashing the GoBGP process, causing a denial of service.

Impact

The vulnerability leads to a remote Denial of Service (DoS) condition. Any GoBGP deployment (v4.2.0 and earlier) that accepts BGP UPDATE messages from peers is vulnerable. A single malicious peer or a malformed route propagated through a transit provider can consistently crash the BGP daemon. This results in a complete loss of routing capabilities, disrupting network services, and causing potential outages.

Recommendation

  • Upgrade GoBGP to a patched version that addresses CVE-2026-41643.
  • Monitor BGP UPDATE messages for malformed AS4_PATH attributes (Type 17) appearing before AS_PATH attributes (Type 2) using a network intrusion detection system.
  • Implement rate limiting on BGP UPDATE messages from untrusted peers to mitigate the impact of a DoS attack.

Detection coverage 2

Detect GoBGP AS4_PATH Attribute Before AS_PATH

medium

Detects BGP UPDATE messages with AS4_PATH (Type 17) appearing before AS_PATH (Type 2), which can be indicative of a crafted malicious message targeting CVE-2026-41643.

sigma tactics: impact techniques: T1499.004 sources: network_connection, linux

Detect GoBGP Crash via Syslog Message

critical

Detects GoBGP crashes based on syslog messages indicating a panic.

sigma tactics: impact techniques: T1499.004 sources: system, linux

Detection queries are kept inside the platform. Get full rules →