Home

Description

OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_do_error function within sys/netmpls/mpls_input.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set.

PUBLISHED Reserved 2026-06-18 | Published 2026-06-18 | Updated 2026-06-21 | Assigner VulnCheck




MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

Out-of-bounds Read

Product status

Default status
affected

Any version before 6a23123ec05f1eb29cfcaae0f3a468b2e1983cfd
affected

Credits

Argus Systems finder

References

www.openwall.com/lists/oss-security/2026/06/19/3

seclists.org/fulldisclosure/2026/Jun/17

pop.argus-systems.ai/advisory/adv-040.html technical-description exploit

github.com/...ommit/6a23123ec05f1eb29cfcaae0f3a468b2e1983cfd patch

www.vulncheck.com/...-stack-memory-disclosure-via-mpls-input third-party-advisory

cve.org (CVE-2026-56099)

nvd.nist.gov (CVE-2026-56099)

Download JSON