CVE-2026-5367
Gravedad CVSS v3.1:
ALTA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
24/04/2026
Última modificación:
29/04/2026
Descripción
*** Pendiente de traducción *** A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.
Impacto
Puntuación base 3.x
8.60
Gravedad 3.x
ALTA
Referencias a soluciones, herramientas e información
- https://access.redhat.com/errata/RHSA-2026:11694
- https://access.redhat.com/errata/RHSA-2026:11695
- https://access.redhat.com/errata/RHSA-2026:11696
- https://access.redhat.com/errata/RHSA-2026:11698
- https://access.redhat.com/errata/RHSA-2026:11700
- https://access.redhat.com/errata/RHSA-2026:11701
- https://access.redhat.com/errata/RHSA-2026:11702
- https://access.redhat.com/security/cve/CVE-2026-5367
- https://bugzilla.redhat.com/show_bug.cgi?id=2455863
- http://www.openwall.com/lists/oss-security/2026/04/20/3
- http://www.openwall.com/lists/oss-security/2026/04/20/5