Ovn: ovn: information disclosure via crafted dhcpv6 packets_CVE-2026-5367

8.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Description

A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.

AI Analysis

Information disclosure via crafted DHCPv6 packets in OVN

Basic Information

ID CVE-2026-5367

Source redhat

Published Apr 24, 2026 at 12:25

Modified Apr 24, 2026 at 13:37

Affected Product

Vendor Red Hat

Product Fast Datapath for RHEL 7

CWE Classification

CWE-130

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Red Hat

Product OVN (Open Virtual Network)

References

{
    "lastseen": "",
    "description": "A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.",
    "published": "2026-04-24T12:25:05.024Z",
    "modified": "2026-04-24T13:37:14.640Z",
    "type": "cve",
    "title": "Ovn: ovn: information disclosure via crafted dhcpv6 packets",
    "source": "redhat",
    "references": "https://access.redhat.com/security/cve/CVE-2026-5367\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2455863",
    "id": "CVE-2026-5367",
    "bulletinFamily": "",
    "cwe": [
        "CWE-130"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Fast Datapath for RHEL 7",
    "version": "",
    "vendor": "Red Hat",
    "ai_description": "Information disclosure via crafted DHCPv6 packets in OVN",
    "ai_severity": "High",
    "ai_vendor": "Red Hat",
    "ai_product": "OVN (Open Virtual Network)",
    "ai_version": "",
    "ai_score": 8.6
}