
[USN-8348-1] GoBGP vulnerabilities

Posted on 03 June 2026
Ubuntu Security

==========================================================================
Ubuntu Security Notice USN-8348-1
June 03, 2026

gobgp vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in GoBGP.

Software Description:
- gobgp: BGP implementation in Go

Details:

It was discovered that GoBGP incorrectly handled certain specially crafted
BGP UPDATE messages. A remote attacker could possibly use this issue to
cause GoBGP to crash, resulting in a denial of service. (CVE-2026-37461)

Yanlei Wang discovered that GoBGP incorrectly handled certain malformed BGP
UPDATE messages containing 4-byte AS attributes. A remote attacker could
possibly use this issue to cause GoBGP to crash, resulting in a denial of
service. (CVE-2026-41643)

It was discovered that GoBGP incorrectly handled certain malformed BGP
UPDATE messages containing SRv6 L3 Service attributes. A remote attacker
could possibly use this issue to cause GoBGP to crash, resulting in a
denial of service. (CVE-2026-7734)

It was discovered that GoBGP incorrectly handled certain malformed BGP
UPDATE messages containing Accumulated IGP (AIGP) attributes. A remote
attacker could possibly use this issue to cause GoBGP to crash, resulting
in a denial of service. (CVE-2026-7735)

It was discovered that GoBGP incorrectly handled certain malformed Multi-
threaded Routing Toolkit (MRT) routing information entries. A remote
attacker could possibly use this issue to cause GoBGP to crash, resulting
in a denial of service. (CVE-2026-7736)

It was discovered that GoBGP incorrectly handled certain malformed Multi-
threaded Routing Toolkit (MRT) headers. A remote attacker could possibly
use this issue to cause GoBGP to crash, resulting in a denial of service.
(CVE-2026-7737)
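As an added illustration of the failure mode the entries above describe (a malformed path attribute that crashes the daemon) and of the handling a BGP implementation should apply instead, the block below is a small Go decoder for the AIGP attribute value format of RFC 7311 (a sequence of TLVs: 1-byte type, 2-byte length covering the whole TLV, then the value; type 1 carries an 8-octet metric in an 11-byte TLV). It is example code written for this page: it is not GoBGP's decoder and not the fix shipped in the packages below, and since the advisory does not say what the actual defects were, the naive decoder's out-of-range slice is an assumed, typical cause of a Go crash on malformed input rather than a description of CVE-2026-7735. The sample byte strings are constructed, and the function names are this example's own. The hardened decoder returns an error so the caller can apply the RFC 7606 style of local error handling (attribute discard here, chosen for illustration) instead of letting a panic take the whole process down.

```go
// Added example (not GoBGP code, not the patched code from this notice):
// a naive and a hardened decoder for the AIGP attribute value (RFC 7311).
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const aigpTLVTypeMetric = 1 // RFC 7311: type 1 TLV carries an 8-octet metric

// AIGPTLV is one decoded TLV; Value excludes the 3-byte type/length header.
type AIGPTLV struct {
	Type  uint8
	Value []byte
}

// Metric returns the accumulated IGP metric of a type-1 TLV.
func (t AIGPTLV) Metric() (uint64, bool) {
	if t.Type != aigpTLVTypeMetric || len(t.Value) != 8 {
		return 0, false
	}
	return binary.BigEndian.Uint64(t.Value), true
}

// decodeAIGPNaive trusts the wire data. A length field that points past the
// end of the buffer, or one smaller than the header, makes the slice
// expression panic; in a daemon that panic is fatal unless something recovers
// it, which is a remote denial of service from one crafted UPDATE.
func decodeAIGPNaive(data []byte) []AIGPTLV {
	var tlvs []AIGPTLV
	for len(data) > 0 {
		t := data[0]
		l := int(binary.BigEndian.Uint16(data[1:3]))
		tlvs = append(tlvs, AIGPTLV{Type: t, Value: data[3:l]})
		data = data[l:]
	}
	return tlvs
}

// ErrMalformedAIGP is returned (wrapped) for any length inconsistency.
var ErrMalformedAIGP = errors.New("malformed AIGP attribute")

// decodeAIGP validates every length before touching the buffer, so malformed
// input yields an error instead of a panic.
func decodeAIGP(data []byte) ([]AIGPTLV, error) {
	var tlvs []AIGPTLV
	for len(data) > 0 {
		if len(data) < 3 {
			return nil, fmt.Errorf("%w: %d trailing bytes, need 3 for a TLV header", ErrMalformedAIGP, len(data))
		}
		t := data[0]
		l := int(binary.BigEndian.Uint16(data[1:3]))
		if l < 3 || l > len(data) {
			return nil, fmt.Errorf("%w: TLV type %d declares length %d, %d bytes available", ErrMalformedAIGP, t, l, len(data))
		}
		if t == aigpTLVTypeMetric && l != 11 {
			return nil, fmt.Errorf("%w: metric TLV must be 11 bytes, got %d", ErrMalformedAIGP, l)
		}
		tlvs = append(tlvs, AIGPTLV{Type: t, Value: data[3:l]})
		data = data[l:]
	}
	return tlvs, nil
}

// handleAIGP is the receiver-side policy: a malformed attribute is discarded
// and the UPDATE otherwise processed (RFC 7606 "attribute discard"), rather
// than resetting the session or crashing. Attribute discard is assumed here
// for illustration; treat-as-withdraw is the more conservative alternative.
func handleAIGP(data []byte) (metric uint64, action string) {
	tlvs, err := decodeAIGP(data)
	if err != nil {
		return 0, "attribute-discard"
	}
	for _, tlv := range tlvs {
		if m, ok := tlv.Metric(); ok {
			return m, "accept"
		}
	}
	return 0, "accept"
}

// naiveCrashes reports whether decodeAIGPNaive panics on data. The deferred
// recover exists only so this example can observe the crash; without it the
// panic unwinds to the runtime and terminates the process.
func naiveCrashes(data []byte) (crashed bool) {
	defer func() {
		if r := recover(); r != nil {
			crashed = true
		}
	}()
	decodeAIGPNaive(data)
	return false
}

// Constructed sample attribute values (not captured traffic).
var (
	validAIGP     = []byte{0x01, 0x00, 0x0b, 0, 0, 0, 0, 0, 0, 0, 0x64} // type 1, len 11, metric 100
	truncatedAIGP = []byte{0x01, 0x00, 0x0b, 0, 0}                      // declares 11 bytes, only 5 present
	zeroLenAIGP   = []byte{0x01, 0x00, 0x00}                            // length 0 is below the 3-byte header
)

func main() {
	samples := []struct {
		name string
		in   []byte
	}{{"valid", validAIGP}, {"truncated", truncatedAIGP}, {"zero-length", zeroLenAIGP}}
	for _, s := range samples {
		m, action := handleAIGP(s.in)
		fmt.Printf("%-12s naive panics=%-5v hardened action=%-17s metric=%d\n", s.name, naiveCrashes(s.in), action, m)
	}
}
```

The point of the pairing is that both decoders read exactly the same fields; the only difference is that the hardened one checks `l` against the header size and the remaining buffer before slicing, which is the check a fuzzer-found crash of this class typically turns out to be missing.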

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
gobgpd 3.36.0-2ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 24.04 LTS
gobgpd 3.23.0-1ubuntu0.3+esm4
Available with Ubuntu Pro

Ubuntu 22.04 LTS
gobgpd 2.25.0-3ubuntu0.1+esm4
Available with Ubuntu Pro

Ubuntu 20.04 LTS
gobgpd 2.12.0-1ubuntu0.1~esm3
Available with Ubuntu Pro

Ubuntu 18.04 LTS
gobgpd 1.29-1ubuntu0.1+esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8348-1
CVE-2026-37461, CVE-2026-41643, CVE-2026-7734, CVE-2026-7735,
CVE-2026-7736, CVE-2026-7737
