CVE-2026-5123 | osrg GoBGP up to 4.3.0 pkg/packet/bgp/bgp.go DecodeFromBytes data[1] off-by-one (ID 3342)

Inserito da Angelo Barbosa | Mar 30, 2026 | CVE

A vulnerability labeled as problematic has been found in osrg GoBGP up to 4.3.0. This impacts the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go. Executing a manipulation of the argument data[1] can lead to off-by-one.

The identification of this vulnerability is CVE-2026-5123. The attack may be launched remotely. There is no exploit available.

A patch should be applied to remediate this issue.

CVE-2026-5123 | osrg GoBGP up to 4.3.0 pkg/packet/bgp/bgp.go DecodeFromBytes data[1] off-by-one (ID 3342)

Post correlati

CVE-2025-4822 | Bayraktar Solar Energies ScadaWatt Otopilot prior 27.05.2025 sql injection

CVE-2023-43999 | COLORFUL_laundry mini-app on Line 13.6.1 Channel Access Token information disclosure

CVE-2025-62795 | JumpServer up to 3.10.20-lts/4.10.11-lts WebSocket Endpoint /ws/ldap/ authorization (GHSA-7893-256)

CVE-2024-6347 | Nissan Altima 2022 Blind Spot Detection Sensor ECU Firmware denial of service