CVE-2026-5367 | THREATINT

Description

A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.

PUBLISHED Reserved 2026-04-01 | Published 2026-04-24 | Updated 2026-04-28 | Assigner redhat

HIGH: 8.6CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Problem types

Improper Handling of Length Parameter Inconsistency

Product status

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Timeline

2026-04-07:	Reported to Red Hat.
2026-04-13:	Made public.

References

www.openwall.com/lists/oss-security/2026/04/20/3

www.openwall.com/lists/oss-security/2026/04/20/5

access.redhat.com/security/cve/CVE-2026-5367 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2455863 (RHBZ#2455863) issue-tracking

cve.org (CVE-2026-5367)

nvd.nist.gov (CVE-2026-5367)

Download JSON