CVE-2026-5367

EUVD-2026-25421
A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Debian logo
Debian Releases
Debian Product
Codename
ovn
bookworm
vulnerable
forky
26.03.0-6
fixed
sid
26.03.0-6
fixed
trixie
vulnerable
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://access.redhat.com/errata/RHSA-2026:11694
https://access.redhat.com/errata/RHSA-2026:11695
https://access.redhat.com/errata/RHSA-2026:11696
https://access.redhat.com/errata/RHSA-2026:11698
https://access.redhat.com/errata/RHSA-2026:11700
https://access.redhat.com/errata/RHSA-2026:11701
https://access.redhat.com/errata/RHSA-2026:11702
https://access.redhat.com/errata/RHSA-2026:22110
https://access.redhat.com/errata/RHSA-2026:22111
https://access.redhat.com/security/cve/CVE-2026-5367
https://bugzilla.redhat.com/show_bug.cgi?id=2455863
http://www.openwall.com/lists/oss-security/2026/04/20/3
http://www.openwall.com/lists/oss-security/2026/04/20/5