HarborGuard / CVE
Back to search
HIGHCVE-2026-5367Published Modified CNA redhat

CVE-2026-5367: Ovn: ovn: information disclosure via crafted dhcpv6 packets

A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.

Metrics

CVSS v3.1
8.6
Severity
HIGH
Fixed in
0:21.12.0-145.el8fdp
Affected Products
24

Fix available

0:21.12.0-145.el8fdp0:23.06.4-30.el8fdp0:23.06.4-30.el9fdp0:23.09.6-16.el9fdp0:24.03.7-82.el9fdp0:25.03.2-100.el9fdp0:25.09.2-103.el9fdp
Affected packages
  • Red Hat / Fast Datapath for Red Hat Enterprise Linux 8
    Fixed in 0:21.12.0-145.el8fdp
  • Red Hat / Fast Datapath for Red Hat Enterprise Linux 8
    Fixed in 0:23.06.4-30.el8fdp
  • Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
    Fixed in 0:23.06.4-30.el9fdp
  • Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
    Fixed in 0:23.09.6-16.el9fdp
  • Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
    Fixed in 0:24.03.7-82.el9fdp
  • Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
    Fixed in 0:25.03.2-100.el9fdp
  • Red Hat / Fast Datapath for Red Hat Enterprise Linux 9
    Fixed in 0:25.09.2-103.el9fdp
  • Red Hat / Fast Datapath for RHEL 10
  • Red Hat / Fast Datapath for RHEL 10
  • Red Hat / Fast Datapath for RHEL 8
  • Red Hat / Fast Datapath for RHEL 8
  • Red Hat / Fast Datapath for RHEL 8
  • Red Hat / Fast Datapath for RHEL 8
  • Red Hat / Fast Datapath for RHEL 9
  • Red Hat / Fast Datapath for RHEL 9
  • Red Hat / Red Hat OpenShift Container Platform 4
  • Red Hat / Red Hat OpenShift Container Platform 4
  • Red Hat / Red Hat OpenShift Container Platform 4
  • Red Hat / Red Hat OpenShift Container Platform 4
  • Red Hat / Red Hat OpenShift Container Platform 4
  • Red Hat / Red Hat OpenShift Container Platform 4
  • Red Hat / Red Hat OpenShift Container Platform 4
  • Red Hat / Red Hat OpenShift Container Platform 4
  • Red Hat / Red Hat OpenShift Container Platform 4
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
References