CVE-2026-23456
Published: Apr 3, 2026
Modified: May 11, 2026
CVSS v3.1
8.2
Description
In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case

In decode_int(), the CONS case calls get_bits(bs, 2) to read a length value, then calls get_uint(bs, len) without checking that len bytes remain in the buffer. The existing boundary check only validates the 2 bits for get_bits(), not the subsequent 1-4 bytes that get_uint() reads. This allows a malformed H.323/RAS packet to cause a 1-4 byte slab-out-of-bounds read.

Add a boundary check for len bytes after get_bits() and before get_uint().
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 5e35941d990123f155b02d5663e51a24f816b6f3 - < a2cd54b9348e485d338b3c132338a4410c99afaf; affected 5e35941d990123f155b02d5663e51a24f816b6f3 - < c95dc674ebf01ecfb40388b6facfc89b81fed3b7; affected 5e35941d990123f155b02d5663e51a24f816b6f3 - < 41b417ff73a24b2c68134992cc44c88db27f482d; affected 5e35941d990123f155b02d5663e51a24f816b6f3 - < 52235bf88159a1ef16434ab49e47e99c8a09ab20; affected 5e35941d990123f155b02d5663e51a24f816b6f3 - < 774a434f8c9c8602a976b2536f65d0172a07f4d2; +3 more versions |
| Linux | Linux | affected 2.6.17; unaffected 0 - < 2.6.17; unaffected 5.10.253 - <= 5.10.*; unaffected 5.15.203 - <= 5.15.*; unaffected 6.1.167 - <= 6.1.*; +5 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: High