USN-8348-1: GoBGP vulnerabilities
摘要
Several security issues were fixed in GoBGP.
正文
It was discovered that GoBGP incorrectly handled certain specially crafted BGP UPDATE messages. A remote attacker could possibly use this issue to cause GoBGP to crash, resulting in a denial of service. (CVE-2026-37461)

Yanlei Wang discovered that GoBGP incorrectly handled certain malformed BGP UPDATE messages containing 4-byte AS attributes. A remote attacker could possibly use this issue to cause GoBGP to crash, resulting in a denial of service. (CVE-2026-41643)

It was discovered that GoBGP incorrectly handled certain malformed BGP UPDATE messages containing SRv6 L3 Service attributes. A remote attacker could possibly use this issue to cause GoBGP to crash, resulting in a denial of service. (CVE-2026-7734)

It was discovered that GoBGP incorrectly handled certain malformed BGP UPDATE messages containing Accumulated IGP (AIGP) attributes. A remote attacker could possibly use this issue to cause GoBGP to crash, resulting in a denial of service. (CVE-2026-7735)

It was discovered that GoBGP incorrectly handled certain malformed Multi-threaded Routing Toolkit (MRT) routing information entries. A remote attacker could possibly use this issue to cause GoBGP to crash, resulting in a denial of service. (CVE-2026-7736)

It was discovered that GoBGP incorrectly handled certain malformed Multi-threaded Routing Toolkit (MRT) headers. A remote attacker could possibly use this issue to cause GoBGP to crash, resulting in a denial of service. (CVE-2026-7737)

Note: the fixed binary packages listed below are published in the esm-apps pocket for every affected release, so a standard system update installs them only on systems where that repository is enabled.
标签
- release:bionic
- release:focal
- release:jammy
- release:noble
- release:resolute
- USN
扩展字段
{
"cve_ids": [
"CVE-2026-7737",
"CVE-2026-37461",
"CVE-2026-7734",
"CVE-2026-41643",
"CVE-2026-7735",
"CVE-2026-7736"
],
"guid": "https://ubuntu.com/security/notices/USN-8348-1",
"instructions": "In general, a standard system update will make all the necessary changes.",
"raw_pub_date": "Wed, 03 Jun 2026 04:50:51 +0000",
"release_packages": {
"bionic": [
{
"description": "BGP implementation in Go",
"is_source": true,
"name": "gobgp",
"version": "1.29-1ubuntu0.1+esm2"
},
{
"is_source": false,
"is_visible": true,
"name": "gobgpd",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/gobgp",
"version": "1.29-1ubuntu0.1+esm2",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "golang-github-osrg-gobgp-dev",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/gobgp",
"version": "1.29-1ubuntu0.1+esm2",
"version_link": null
}
],
"focal": [
{
"description": "BGP implementation in Go",
"is_source": true,
"name": "gobgp",
"version": "2.12.0-1ubuntu0.1~esm3"
},
{
"is_source": false,
"is_visible": true,
"name": "gobgpd",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/gobgp",
"version": "2.12.0-1ubuntu0.1~esm3",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "golang-github-osrg-gobgp-dev",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/gobgp",
"version": "2.12.0-1ubuntu0.1~esm3",
"version_link": null
}
],
"jammy": [
{
"description": "BGP implementation in Go",
"is_source": true,
"name": "gobgp",
"version": "2.25.0-3ubuntu0.1+esm4"
},
{
"is_source": false,
"is_visible": true,
"name": "gobgpd",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/gobgp",
"version": "2.25.0-3ubuntu0.1+esm4",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "golang-github-osrg-gobgp-dev",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/gobgp",
"version": "2.25.0-3ubuntu0.1+esm4",
"version_link": null
}
],
"noble": [
{
"description": "BGP implementation in Go",
"is_source": true,
"name": "gobgp",
"version": "3.23.0-1ubuntu0.3+esm4"
},
{
"is_source": false,
"is_visible": true,
"name": "gobgpd",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/gobgp",
"version": "3.23.0-1ubuntu0.3+esm4",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "golang-github-osrg-gobgp-dev",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/gobgp",
"version": "3.23.0-1ubuntu0.3+esm4",
"version_link": null
}
],
"resolute": [
{
"description": "BGP implementation in Go",
"is_source": true,
"name": "gobgp",
"version": "3.36.0-2ubuntu0.1~esm1"
},
{
"is_source": false,
"is_visible": true,
"name": "gobgpd",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/gobgp",
"version": "3.36.0-2ubuntu0.1~esm1",
"version_link": null
},
{
"is_source": false,
"is_visible": false,
"name": "golang-github-osrg-gobgp-dev",
"pocket": "esm-apps",
"source_link": "https://launchpad.net/ubuntu/+source/gobgp",
"version": "3.36.0-2ubuntu0.1~esm1",
"version_link": null
}
]
},
"releases": [
{
"codename": "resolute",
"support_tag": "LTS",
"version": "26.04"
},
{
"codename": "noble",
"support_tag": "LTS",
"version": "24.04"
},
{
"codename": "jammy",
"support_tag": "LTS",
"version": "22.04"
},
{
"codename": "focal",
"support_tag": "ESM",
"version": "20.04"
},
{
"codename": "bionic",
"support_tag": "ESM",
"version": "18.04"
}
]
}