UBUNTU-CVE-2026-7737

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-7737

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7737.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-7737

Upstream

CVE-2026-7737

Downstream

USN-8348-1

Related

USN-8348-1

Published

2026-05-04T07:16:00Z

Modified

2026-06-03T09:15:18.517893797Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated remotely. Upgrading to version 4.4.0 can resolve this issue. The identifier of the patch is bc77597d42335c78464bc8e15a471d887bbdf260. Upgrading the affected component is recommended.

References

Affected packages

Ubuntu:25.10

gobgp

Package

Name: gobgp
Purl: pkg:deb/ubuntu/gobgp?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.35.0-1

3.36.0-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "gobgpd",
            "binary_version": "3.36.0-2"
        },
        {
            "binary_name": "golang-github-osrg-gobgp-dev",
            "binary_version": "3.36.0-2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7737.json"

Ubuntu:Pro:18.04:LTS

gobgp

Package

Name: gobgp
Purl: pkg:deb/ubuntu/gobgp?arch=source&distro=esm-apps%2Fbionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.29-1ubuntu0.1+esm2

Affected versions

1.*

1.15-1

1.29-1

1.29-1ubuntu0.1+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "gobgpd",
            "binary_version": "1.29-1ubuntu0.1+esm2"
        },
        {
            "binary_name": "golang-github-osrg-gobgp-dev",
            "binary_version": "1.29-1ubuntu0.1+esm2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7737.json"

Ubuntu:Pro:20.04:LTS

gobgp

Package

Name: gobgp
Purl: pkg:deb/ubuntu/gobgp?arch=source&distro=esm-apps%2Ffocal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.12.0-1ubuntu0.1~esm3

Affected versions

1.*

1.33-1

2.*

2.11.0-1

2.12.0-1

2.12.0-1ubuntu0.1~esm1

2.12.0-1ubuntu0.1~esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "gobgpd",
            "binary_version": "2.12.0-1ubuntu0.1~esm3"
        },
        {
            "binary_name": "golang-github-osrg-gobgp-dev",
            "binary_version": "2.12.0-1ubuntu0.1~esm3"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7737.json"

Ubuntu:Pro:22.04:LTS

gobgp

Package

Name: gobgp
Purl: pkg:deb/ubuntu/gobgp?arch=source&distro=esm-apps%2Fjammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.25.0-3ubuntu0.1+esm4

Affected versions

2.*

2.25.0-2

2.25.0-3

2.25.0-3build1

2.25.0-3ubuntu0.1

2.25.0-3ubuntu0.1+esm1

2.25.0-3ubuntu0.1+esm2

2.25.0-3ubuntu0.1+esm3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "gobgpd",
            "binary_version": "2.25.0-3ubuntu0.1+esm4"
        },
        {
            "binary_name": "golang-github-osrg-gobgp-dev",
            "binary_version": "2.25.0-3ubuntu0.1+esm4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7737.json"

Ubuntu:Pro:24.04:LTS

gobgp

Package

Name: gobgp
Purl: pkg:deb/ubuntu/gobgp?arch=source&distro=esm-apps%2Fnoble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.23.0-1ubuntu0.3+esm4

Affected versions

3.*

3.16.0-1build1

3.19.0-1

3.21.0-1

3.23.0-1

3.23.0-1ubuntu0.1

3.23.0-1ubuntu0.2

3.23.0-1ubuntu0.2+esm1

3.23.0-1ubuntu0.3

3.23.0-1ubuntu0.3+esm1

3.23.0-1ubuntu0.3+esm2

3.23.0-1ubuntu0.3+esm3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "gobgpd",
            "binary_version": "3.23.0-1ubuntu0.3+esm4"
        },
        {
            "binary_name": "golang-github-osrg-gobgp-dev",
            "binary_version": "3.23.0-1ubuntu0.3+esm4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7737.json"

Ubuntu:Pro:26.04:LTS

gobgp

Package

Name: gobgp
Purl: pkg:deb/ubuntu/gobgp?arch=source&distro=esm-apps%2Fresolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.36.0-2ubuntu0.1~esm1

Affected versions

3.*

3.36.0-2

3.36.0-2build1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "gobgpd",
            "binary_version": "3.36.0-2ubuntu0.1~esm1"
        },
        {
            "binary_name": "golang-github-osrg-gobgp-dev",
            "binary_version": "3.36.0-2ubuntu0.1~esm1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7737.json"