CVE-2026-30405

HIGH7.5EPSS 0.22%

GoBGP vulnerable to a denial of service via the NEXT_HOP path attribute

發布日:2026/3/16修改日:2026/4/7

也稱為:GHSA-4p9m-8gc4-rw2hGO-2026-4736

描述

An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute.

受影響套件(5)

Debian/gobgpfrom 0
Go/github.com/osrg/gobgpfrom 0
Go/github.com/osrg/gobgp/v3from 0
Go/github.com/osrg/gobgp/v4from 0, <= 4.3.0
Go/github.com/osrg/gobgp/v4from 0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

參考連結(6)