Submit #807600: GoBGP 4.3.0 Improper Input Validation
| Title | GoBGP 4.3.0 Improper Input Validation |
|---|---|
| Description | Discovery / credits: Siru Ren, School of Cybersecurity, Northwestern Polytechnical University; Xiangjun Sun, School of Cybersecurity, Northwestern Polytechnical University; Jiahao Lei, School of Cybersecurity, Northwestern Polytechnical University; Zhouyan Deng, School of Cybersecurity, Northwestern Polytechnical University; Jiajia Liu, School of Cybersecurity, Northwestern Polytechnical University. A vulnerability was found in GoBGP 4.3.0 in the AIGP attribute parser. It has been classified as improper input validation. The issue is located in pkg/packet/bgp/bgp.go in the function PathAttributeAigp.DecodeFromBytes(). When a TLV's declared length exceeds the remaining buffer, the parser uses break to silently stop processing instead of returning an explicit error. In the AIGP_TLV_IGP_METRIC branch, a too-short TLV is also silently ignored in the same way. This behavior may cause malformed TLVs and subsequent TLVs to be silently discarded, while only a generic length error is reported later. A crafted BGP UPDATE containing an AIGP attribute may exploit this logic to manipulate route metric handling by causing important metric TLVs to be dropped. Affected file: pkg/packet/bgp/bgp.go Affected function: PathAttributeAigp.DecodeFromBytes() Impact: Route metric manipulation via silent data truncation. |
| Source | ⚠️ https:/ |
| User | rensiru (UID 96440) |
| Submission | 04/18/2026 10:30 (3 months ago) |
| Moderation | 05/03/2026 18:16 (15 days later) |
| Status | Accepted |
| VulDB entry | 360910 [osrg GoBGP up to 4.3.0 AIGP Attribute Parser pkg/packet/bgp/bgp.go PathAttributeAigp.DecodeFromBytes buffer overflow] |
| Points | 20 |