Submit #807600: GoBGP 4.3.0 Improper Input Validationinfo

TitleGoBGP 4.3.0 Improper Input Validation
DescriptionDiscovery / credits: Siru Ren, School of Cybersecurity, Northwestern Polytechnical University; Xiangjun Sun, School of Cybersecurity, Northwestern Polytechnical University; Jiahao Lei, School of Cybersecurity, Northwestern Polytechnical University; Zhouyan Deng, School of Cybersecurity, Northwestern Polytechnical University; Jiajia Liu, School of Cybersecurity, Northwestern Polytechnical University. A vulnerability was found in GoBGP 4.3.0 in the AIGP attribute parser. It has been classified as improper input validation. The issue is located in pkg/packet/bgp/bgp.go in the function PathAttributeAigp.DecodeFromBytes(). When a TLV's declared length exceeds the remaining buffer, the parser uses break to silently stop processing instead of returning an explicit error. In the AIGP_TLV_IGP_METRIC branch, a too-short TLV is also silently ignored in the same way. This behavior may cause malformed TLVs and subsequent TLVs to be silently discarded, while only a generic length error is reported later. A crafted BGP UPDATE containing an AIGP attribute may exploit this logic to manipulate route metric handling by causing important metric TLVs to be dropped. Affected file: pkg/packet/bgp/bgp.go Affected function: PathAttributeAigp.DecodeFromBytes() Impact: Route metric manipulation via silent data truncation.
Source⚠️ https://github.com/osrg/gobgp/commit/51ad1ada06cb41ce47b7066799981816f50b7ced
User
 rensiru (UID 96440)
Submission04/18/2026 10:30 (3 months ago)
Moderation05/03/2026 18:16 (15 days later)
StatusAccepted
VulDB entry360910 [osrg GoBGP up to 4.3.0 AIGP Attribute Parser pkg/packet/bgp/bgp.go PathAttributeAigp.DecodeFromBytes buffer overflow]
Points20

Want to know what is going to be exploited?

We predict KEV entries!