CVE-2026-41643

HighPublic PoC

Published: 07 May 2026

Published

07 May 2026

Modified

07 May 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0011 29.8th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial of Service (DoS) vulnerability exists in GoBGP where a malformed BGP UPDATE message can trigger a runtime error:…

index out of range panic. This occurs during the processing of 4-byte AS attributes when the message structure causes an internal slice index shift that is not properly handled. This issue has been patched in version 4.3.0.

Security SummaryAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-129

Affected Products

osrg

gobgp

≤ 4.3.0

References

https://github.com/osrg/gobgp/releases/tag/v4.3.0
Patch, Release Notes · security-advisories@github.com
https://github.com/osrg/gobgp/security/advisories/GHSA-8rxh-r2p6-7f2q
Exploit, Vendor Advisory · security-advisories@github.com
https://github.com/osrg/gobgp/security/advisories/GHSA-8rxh-r2p6-7f2q
Exploit, Vendor Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0