8.6
CVE-2026-5367
- EPSS 0.87%
- Veröffentlicht 24.04.2026 12:25:05
- Zuletzt bearbeitet 30.06.2026 03:21:06
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Ovn: ovn: information disclosure via crafted dhcpv6 packets
A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerRed Hat
≫
Produkt
Fast Datapath for Red Hat Enterprise Linux 10
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Fast Datapath for Red Hat Enterprise Linux 8
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Fast Datapath for Red Hat Enterprise Linux 9
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Fast Datapath for RHEL 8
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Fast Datapath for RHEL 9
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat OpenShift Container Platform 4
Default Statusaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.87% | 0.54 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 8.6 | 3.9 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 8.6 | 3.9 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
CWE-130 Improper Handling of Length Parameter Inconsistency
The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
https://access.redhat.com/security/cve/CVE-2026-5367
https://bugzilla.redhat.com/show_bug.cgi?id=2455863
http://www.openwall.com/lists/oss-security/2026/04/20/3
http://www.openwall.com/lists/oss-security/2026/04/20/5
https://access.redhat.com/errata/RHSA-2026:11694
https://access.redhat.com/errata/RHSA-2026:11696
https://access.redhat.com/errata/RHSA-2026:11702
https://access.redhat.com/errata/RHSA-2026:11695
https://access.redhat.com/errata/RHSA-2026:11698
https://access.redhat.com/errata/RHSA-2026:11700
https://access.redhat.com/errata/RHSA-2026:11701
https://access.redhat.com/errata/RHSA-2026:22110
https://access.redhat.com/errata/RHSA-2026:22111
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5367.json