Description

A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.

INFO

Published Date :

2026-04-24T12:25:05.024Z

Last Modified :

2026-04-29T17:46:56.589Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2026-5367 vulnerability.

Vendors Products
Redhat
  • Enterprise Linux
  • Fast Datapath
  • Openshift
  • Openshift Container Platform
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-5367.

URL Resource
http://www.openwall.com/lists/oss-security/2026/04/20/3 cve-icon
http://www.openwall.com/lists/oss-security/2026/04/20/5 cve-icon
https://access.redhat.com/security/cve/CVE-2026-5367 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2455863 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact