UBUNTU-CVE-2026-7734

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-7734

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7734.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-7734

Upstream

CVE-2026-7734

Downstream

USN-8348-1

Related

USN-8348-1

Published

2026-05-04T06:16:00Z

Modified

2026-06-03T09:15:14.707607948Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefix_sid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from remote. Upgrading to version 4.4.0 will fix this issue. The name of the patch is f9f7b55ec258e514be0264871fa645a2c3edad11. You should upgrade the affected component.

References

Affected packages

Ubuntu:Pro:22.04:LTS / gobgp

Package

Name: gobgp
Purl: pkg:deb/ubuntu/gobgp?arch=source&distro=esm-apps%2Fjammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.25.0-3ubuntu0.1+esm4

Affected versions

2.*

2.25.0-2

2.25.0-3

2.25.0-3build1

2.25.0-3ubuntu0.1

2.25.0-3ubuntu0.1+esm1

2.25.0-3ubuntu0.1+esm2

2.25.0-3ubuntu0.1+esm3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "gobgpd",
            "binary_version": "2.25.0-3ubuntu0.1+esm4"
        },
        {
            "binary_name": "golang-github-osrg-gobgp-dev",
            "binary_version": "2.25.0-3ubuntu0.1+esm4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7734.json"

Ubuntu:Pro:24.04:LTS / gobgp

Package

Name: gobgp
Purl: pkg:deb/ubuntu/gobgp?arch=source&distro=esm-apps%2Fnoble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.23.0-1ubuntu0.3+esm4

Affected versions

3.*

3.16.0-1build1

3.19.0-1

3.21.0-1

3.23.0-1

3.23.0-1ubuntu0.1

3.23.0-1ubuntu0.2

3.23.0-1ubuntu0.2+esm1

3.23.0-1ubuntu0.3

3.23.0-1ubuntu0.3+esm1

3.23.0-1ubuntu0.3+esm2

3.23.0-1ubuntu0.3+esm3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "gobgpd",
            "binary_version": "3.23.0-1ubuntu0.3+esm4"
        },
        {
            "binary_name": "golang-github-osrg-gobgp-dev",
            "binary_version": "3.23.0-1ubuntu0.3+esm4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7734.json"

Ubuntu:25.10 / gobgp

Package

Name: gobgp
Purl: pkg:deb/ubuntu/gobgp?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.35.0-1

3.36.0-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gobgpd",
            "binary_version": "3.36.0-2"
        },
        {
            "binary_name": "golang-github-osrg-gobgp-dev",
            "binary_version": "3.36.0-2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7734.json"

Ubuntu:Pro:26.04:LTS / gobgp

Package

Name: gobgp
Purl: pkg:deb/ubuntu/gobgp?arch=source&distro=esm-apps%2Fresolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.36.0-2ubuntu0.1~esm1

Affected versions

3.*

3.36.0-2

3.36.0-2build1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "gobgpd",
            "binary_version": "3.36.0-2ubuntu0.1~esm1"
        },
        {
            "binary_name": "golang-github-osrg-gobgp-dev",
            "binary_version": "3.36.0-2ubuntu0.1~esm1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7734.json"