{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72261?format=json","vulnerability_id":"VCID-ha64-6fyw-nuag","summary":"A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this issue. This patch is called 76d911046344a3923cbe573364197aa081944592. It is suggested to upgrade the affected component.","aliases":[{"alias":"CVE-2026-7736"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43806?format=json","purl":"pkg:deb/debian/gobgp@4.4.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gobgp@4.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/43802?format=json","purl":"pkg:deb/debian/gobgp@4.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gobgp@4.6.0-1%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43799?format=json","purl":"pkg:deb/debian/gobgp@2.25.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cs3-k74w-kygg"},{"vulnerability":"VCID-1eqn-8akp-k3c5"},{"vulnerability":"VCID-42da-ds2p-23ce"},{"vulnerability":"VCID-5jty-ypkz-sqag"},{"vulnerability":"VCID-6x8j-xcy5-suh4"},{"vulnerability":"VCID-8mzj-45bc-47a7"},{"vulnerability":"VCID-a46x-umu5-fybq"},{"vulnerability":"VCID-b759-xchn-5qf5"},{"vulnerability":"VCID-c8za-h2xs-eqhs"},{"vulnerability":"VCID-cxbw-zm2u-5bbe"},{"vulnerability":"VCID-ha64-6fyw-nuag"},{"vulnerability":"VCID-k7du-sx9c-6ff7"},{"vulnerability":"VCID-u8e1-cw3d-nubf"},{"vulnerability":"VCID-v1de-mjt7-kbfh"},{"vulnerability":"VCID-yxkx-wf6f-b3hj"},{"vulnerability":"VCID-yzby-pf8a-gqhs"},{"vulnerability":"VCID-yznm-d9m5-9uf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gobgp@2.25.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/43800?format=json","purl":"pkg:deb/debian/gobgp@3.10.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1cs3-k74w-kygg"},{"vulnerability":"VCID-1eqn-8akp-k3c5"},{"vulnerability":"VCID-42da-ds2p-23ce"},{"vulnerability":"VCID-5jty-ypkz-sqag"},{"vulnerability":"VCID-6x8j-xcy5-suh4"},{"vulnerability":"VCID-8mzj-45bc-47a7"},{"vulnerability":"VCID-a46x-umu5-fybq"},{"vulnerability":"VCID-b759-xchn-5qf5"},{"vulnerability":"VCID-c8za-h2xs-eqhs"},{"vulnerability":"VCID-cxbw-zm2u-5bbe"},{"vulnerability":"VCID-ha64-6fyw-nuag"},{"vulnerability":"VCID-k7du-sx9c-6ff7"},{"vulnerability":"VCID-qf45-39ad-uqh6"},{"vulnerability":"VCID-u8e1-cw3d-nubf"},{"vulnerability":"VCID-v1de-mjt7-kbfh"},{"vulnerability":"VCID-yxkx-wf6f-b3hj"},{"vulnerability":"VCID-yzby-pf8a-gqhs"},{"vulnerability":"VCID-yznm-d9m5-9uf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gobgp@3.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/43801?format=json","purl":"pkg:deb/debian/gobgp@3.36.0-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1eqn-8akp-k3c5"},{"vulnerability":"VCID-42da-ds2p-23ce"},{"vulnerability":"VCID-5jty-ypkz-sqag"},{"vulnerability":"VCID-6x8j-xcy5-suh4"},{"vulnerability":"VCID-a46x-umu5-fybq"},{"vulnerability":"VCID-b759-xchn-5qf5"},{"vulnerability":"VCID-c8za-h2xs-eqhs"},{"vulnerability":"VCID-ha64-6fyw-nuag"},{"vulnerability":"VCID-k7du-sx9c-6ff7"},{"vulnerability":"VCID-u8e1-cw3d-nubf"},{"vulnerability":"VCID-v1de-mjt7-kbfh"},{"vulnerability":"VCID-yxkx-wf6f-b3hj"},{"vulnerability":"VCID-yzby-pf8a-gqhs"},{"vulnerability":"VCID-yznm-d9m5-9uf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gobgp@3.36.0-2%3Fdistro=trixie"}],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7736","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7736"},{"reference_url":"https://vuldb.com/vuln/360911","reference_id":"360911","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T10:37:13Z/"}],"url":"https://vuldb.com/vuln/360911"},{"reference_url":"https://github.com/osrg/gobgp/commit/76d911046344a3923cbe573364197aa081944592","reference_id":"76d911046344a3923cbe573364197aa081944592","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T10:37:13Z/"}],"url":"https://github.com/osrg/gobgp/commit/76d911046344a3923cbe573364197aa081944592"},{"reference_url":"https://vuldb.com/submit/807604","reference_id":"807604","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T10:37:13Z/"}],"url":"https://vuldb.com/submit/807604"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:osrg:gobgp:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:osrg:gobgp:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:osrg:gobgp:*:*:*:*:*:*:*:*"},{"reference_url":"https://vuldb.com/vuln/360911/cti","reference_id":"cti","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T10:37:13Z/"}],"url":"https://vuldb.com/vuln/360911/cti"},{"reference_url":"https://github.com/osrg/gobgp/","reference_id":"gobgp","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T10:37:13Z/"}],"url":"https://github.com/osrg/gobgp/"},{"reference_url":"https://github.com/osrg/gobgp/releases/tag/v4.4.0","reference_id":"v4.4.0","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T10:37:13Z/"}],"url":"https://github.com/osrg/gobgp/releases/tag/v4.4.0"}],"weaknesses":[{"cwe_id":189,"name":"Numeric Errors","description":"Weaknesses in this category are related to improper calculation or conversion of numbers."},{"cwe_id":191,"name":"Integer Underflow (Wrap or Wraparound)","description":"The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result."}],"exploits":[],"severity_range_score":"6.9 - 7.5","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ha64-6fyw-nuag"}