9.1

CVE-2026-23455

EPSS 0.08%
Veröffentlicht 03.04.2026 15:15:36
Zuletzt bearbeitet 27.04.2026 14:16:33
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()

In DecodeQ931(), the UserUserIE code path reads a 16-bit length from
the packet, then decrements it by 1 to skip the protocol discriminator
byte before passing it to DecodeH323_UserInformation(). If the encoded
length is 0, the decrement wraps to -1, which is then passed as a
large value to the decoder, leading to an out-of-bounds read.

Add a check to ensure len is positive after the decrement.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

CNA 2 VulnDex Vulnerability Enrichment 13

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 5e35941d990123f155b02d5663e51a24f816b6f3

Version < 2121f5fbe88daff0f1fc5bc47d359426c74b86b0

Status affected

Version 5e35941d990123f155b02d5663e51a24f816b6f3

Version < 65fa92f79677858b14b9e4b7275f26639afe2710

Status affected

Version 5e35941d990123f155b02d5663e51a24f816b6f3

Version < 495e97af9e7249ee02b72bb1d0848a6efc3700f4

Status affected

Version 5e35941d990123f155b02d5663e51a24f816b6f3

Version < f5e4f4e4cdb75ec36802059a94195a31f193da60

Status affected

Version 5e35941d990123f155b02d5663e51a24f816b6f3

Version < 633e8f87dad32263f6a57dccdb873f042c062111

Status affected

Version 5e35941d990123f155b02d5663e51a24f816b6f3

Version < 9d00fe7d6d7c5b5f1065a6e042b54f2e44bd6df8

Status affected

Version 5e35941d990123f155b02d5663e51a24f816b6f3

Version < b652b05d51003ac074b912684f9ec7486231717b

Status affected

Version 5e35941d990123f155b02d5663e51a24f816b6f3

Version < f173d0f4c0f689173f8cdac79991043a4a89bf66

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.17

Status affected

Version 0

Version < 2.6.17

Status unaffected

Version <= 5.10.*

Version 5.10.253

Status unaffected

Version <= 5.15.*

Version 5.15.203

Status unaffected

Version <= 6.1.*

Version 6.1.167

Status unaffected

Version <= 6.6.*

Version 6.6.130

Status unaffected

Version <= 6.12.*

Version 6.12.78

Status unaffected

Version <= 6.18.*

Version 6.18.20

Status unaffected

Version <= 6.19.*

Version 6.19.10

Status unaffected

Version <= *

Version 7.0

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.225

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/495e97af9e7249ee02b72bb1d0848a6efc3700f4

https://git.kernel.org/stable/c/f5e4f4e4cdb75ec36802059a94195a31f193da60

https://git.kernel.org/stable/c/633e8f87dad32263f6a57dccdb873f042c062111

https://git.kernel.org/stable/c/9d00fe7d6d7c5b5f1065a6e042b54f2e44bd6df8

https://git.kernel.org/stable/c/b652b05d51003ac074b912684f9ec7486231717b

https://git.kernel.org/stable/c/f173d0f4c0f689173f8cdac79991043a4a89bf66

https://git.kernel.org/stable/c/2121f5fbe88daff0f1fc5bc47d359426c74b86b0

https://git.kernel.org/stable/c/65fa92f79677858b14b9e4b7275f26639afe2710

https://nvd.nist.gov/vuln/detail/CVE-2026-23455

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23455

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23455

EUVD