Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-2cnf-zyh4-cuex
Summary GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent attribute lengths, it improperly handles the internal state transition to a "withdraw" action, leading to a nil pointer dereference in the AdjRib.Update function. This causes the entire GoBGP process to crash, resulting in a complete loss of service availability. This issue has been patched in version 4.5.0.
Aliases
0
alias CVE-2026-42285
1
alias GHSA-p3w2-64xm-833j
Fixed_packages
0
url pkg:deb/debian/gobgp@0?distro=trixie
purl pkg:deb/debian/gobgp@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gobgp@0%3Fdistro=trixie
1
url pkg:deb/debian/gobgp@2.25.0-2?distro=trixie
purl pkg:deb/debian/gobgp@2.25.0-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cs3-k74w-kygg
1
vulnerability VCID-1eqn-8akp-k3c5
2
vulnerability VCID-42da-ds2p-23ce
3
vulnerability VCID-5jty-ypkz-sqag
4
vulnerability VCID-6x8j-xcy5-suh4
5
vulnerability VCID-8mzj-45bc-47a7
6
vulnerability VCID-a46x-umu5-fybq
7
vulnerability VCID-b759-xchn-5qf5
8
vulnerability VCID-c8za-h2xs-eqhs
9
vulnerability VCID-cxbw-zm2u-5bbe
10
vulnerability VCID-ha64-6fyw-nuag
11
vulnerability VCID-k7du-sx9c-6ff7
12
vulnerability VCID-u8e1-cw3d-nubf
13
vulnerability VCID-v1de-mjt7-kbfh
14
vulnerability VCID-yxkx-wf6f-b3hj
15
vulnerability VCID-yzby-pf8a-gqhs
16
vulnerability VCID-yznm-d9m5-9uf9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gobgp@2.25.0-2%3Fdistro=trixie
2
url pkg:deb/debian/gobgp@3.10.0-1?distro=trixie
purl pkg:deb/debian/gobgp@3.10.0-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1cs3-k74w-kygg
1
vulnerability VCID-1eqn-8akp-k3c5
2
vulnerability VCID-42da-ds2p-23ce
3
vulnerability VCID-5jty-ypkz-sqag
4
vulnerability VCID-6x8j-xcy5-suh4
5
vulnerability VCID-8mzj-45bc-47a7
6
vulnerability VCID-a46x-umu5-fybq
7
vulnerability VCID-b759-xchn-5qf5
8
vulnerability VCID-c8za-h2xs-eqhs
9
vulnerability VCID-cxbw-zm2u-5bbe
10
vulnerability VCID-ha64-6fyw-nuag
11
vulnerability VCID-k7du-sx9c-6ff7
12
vulnerability VCID-qf45-39ad-uqh6
13
vulnerability VCID-u8e1-cw3d-nubf
14
vulnerability VCID-v1de-mjt7-kbfh
15
vulnerability VCID-yxkx-wf6f-b3hj
16
vulnerability VCID-yzby-pf8a-gqhs
17
vulnerability VCID-yznm-d9m5-9uf9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gobgp@3.10.0-1%3Fdistro=trixie
3
url pkg:deb/debian/gobgp@3.36.0-2?distro=trixie
purl pkg:deb/debian/gobgp@3.36.0-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1eqn-8akp-k3c5
1
vulnerability VCID-42da-ds2p-23ce
2
vulnerability VCID-5jty-ypkz-sqag
3
vulnerability VCID-6x8j-xcy5-suh4
4
vulnerability VCID-a46x-umu5-fybq
5
vulnerability VCID-b759-xchn-5qf5
6
vulnerability VCID-c8za-h2xs-eqhs
7
vulnerability VCID-ha64-6fyw-nuag
8
vulnerability VCID-k7du-sx9c-6ff7
9
vulnerability VCID-u8e1-cw3d-nubf
10
vulnerability VCID-v1de-mjt7-kbfh
11
vulnerability VCID-yxkx-wf6f-b3hj
12
vulnerability VCID-yzby-pf8a-gqhs
13
vulnerability VCID-yznm-d9m5-9uf9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gobgp@3.36.0-2%3Fdistro=trixie
4
url pkg:deb/debian/gobgp@4.5.0-1?distro=trixie
purl pkg:deb/debian/gobgp@4.5.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gobgp@4.5.0-1%3Fdistro=trixie
5
url pkg:deb/debian/gobgp@4.6.0-1?distro=trixie
purl pkg:deb/debian/gobgp@4.6.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gobgp@4.6.0-1%3Fdistro=trixie
6
url pkg:golang/github.com/osrg/gobgp/v4@4.5.0
purl pkg:golang/github.com/osrg/gobgp/v4@4.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/osrg/gobgp/v4@4.5.0
Affected_packages
0
url pkg:golang/github.com/osrg/gobgp/v4@4.4.0
purl pkg:golang/github.com/osrg/gobgp/v4@4.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2cnf-zyh4-cuex
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/osrg/gobgp/v4@4.4.0
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42285
reference_id
reference_type
scores
0
value 0.00193
scoring_system epss
scoring_elements 0.41252
published_at 2026-06-12T12:55:00Z
1
value 0.00193
scoring_system epss
scoring_elements 0.41263
published_at 2026-06-14T12:55:00Z
2
value 0.00193
scoring_system epss
scoring_elements 0.41086
published_at 2026-06-11T12:55:00Z
3
value 0.00193
scoring_system epss
scoring_elements 0.41272
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42285
1
reference_url https://github.com/osrg/gobgp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/osrg/gobgp
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42285
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42285
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136049
reference_id 1136049
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136049
4
reference_url https://github.com/osrg/gobgp/security/advisories/GHSA-p3w2-64xm-833j
reference_id GHSA-p3w2-64xm-833j
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:04:33Z/
url https://github.com/osrg/gobgp/security/advisories/GHSA-p3w2-64xm-833j
5
reference_url https://github.com/osrg/gobgp/releases/tag/v4.5.0
reference_id v4.5.0
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:04:33Z/
url https://github.com/osrg/gobgp/releases/tag/v4.5.0
Weaknesses
0
cwe_id 476
name NULL Pointer Dereference
description A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Exploits
Severity_range_score 7.0 - 8.9
Exploitability 0.5
Weighted_severity 8.0
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2cnf-zyh4-cuex