Osrg

osrg GoBGP up to version 4.3.0 is vulnerable to an integer underflow in the parseRibEntry function, potentially allowing a remote attacker to cause a denial of service or other unspecified impacts; version 4.4.0 addresses this issue.

A remote buffer overflow vulnerability exists in osrg GoBGP up to version 4.3.0 within the PathAttributeAigp.DecodeFromBytes function, allowing attackers to potentially execute arbitrary code by manipulating the AIGP Attribute Parser.

A remote Denial of Service (DoS) vulnerability exists in GoBGP version 4.2.0 and earlier, where a malformed BGP UPDATE message can trigger a runtime error (index out of range panic), crashing the GoBGP process. This occurs during the processing of 4-byte AS attributes when the message structure causes an internal slice index shift that is not properly handled. A single malicious peer or a malformed route propagated through a transit provider can consistently crash the BGP daemon, leading to a complete loss of routing capabilities.