{"id":"GO-2026-4736","summary":"GoBGP vulnerable to a denial of service via the NEXT_HOP path attribute in github.com/osrg/gobgp","details":"GoBGP vulnerable to a denial of service via the NEXT_HOP path attribute in github.com/osrg/gobgp","aliases":["CVE-2026-30405","GHSA-4p9m-8gc4-rw2h"],"modified":"2026-04-07T15:15:11.573710Z","published":"2026-04-07T14:58:41Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2026-4736","review_status":"REVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-4p9m-8gc4-rw2h"},{"type":"FIX","url":"https://github.com/osrg/gobgp/commit/583080a7258e22cc884162e15b078771aa2c2c80"},{"type":"REPORT","url":"https://github.com/osrg/gobgp/issues/3305"}],"affected":[{"package":{"name":"github.com/osrg/gobgp","ecosystem":"Go","purl":"pkg:golang/github.com/osrg/gobgp"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-4736.json"}},{"package":{"name":"github.com/osrg/gobgp/v3","ecosystem":"Go","purl":"pkg:golang/github.com/osrg/gobgp/v3"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-4736.json"}},{"package":{"name":"github.com/osrg/gobgp/v4","ecosystem":"Go","purl":"pkg:golang/github.com/osrg/gobgp/v4"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/osrg/gobgp/v4/pkg/server","symbols":["fsmHandler.recvMessageloop"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2026-4736.json"}}],"schema_version":"1.7.5"}