Description
A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in a Denial of Service (DoS) for the affected system.
PUBLISHED Reserved 2026-03-31 | Published 2026-05-05 | Updated 2026-05-06 | Assigner redhat
MEDIUM: 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Problem types
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Product status
Default status
affected
Timeline
| 2026-03-31: | Reported to Red Hat. |
| 2026-03-31: | Made public. |
Credits
Red Hat would like to thank Seiji Sakurai for reporting this issue.
References
www.openwall.com/lists/oss-security/2026/03/31/15
access.redhat.com/security/cve/CVE-2026-34956 vdb-entry
bugzilla.redhat.com/show_bug.cgi?id=2453459 (RHBZ#2453459) issue-tracking
cve.org (CVE-2026-34956)
nvd.nist.gov (CVE-2026-34956)