An out-of-bounds read in the ParseIP6Extended function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/37xxx/CVE-2026-37461.json",
"cna_assigner": "mitre"
}