CVE-2026-23455

| EUVD-2026-18711
2026-04-03 Linux GHSA-gm78-p64f-gx97

Lifecycle Timeline

3
Analysis Generated
Apr 03, 2026 - 15:30 vuln.today
EUVD ID Assigned
Apr 03, 2026 - 15:30 euvd
EUVD-2026-18711
CVE Published
Apr 03, 2026 - 15:15 nvd
N/A

Tags

Linux Linux Kernel Information Disclosure

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() In DecodeQ931(), the UserUserIE code path reads a 16-bit length from the packet, then decrements it by 1 to skip the protocol discriminator byte before passing it to DecodeH323_UserInformation(). If the encoded length is 0, the decrement wraps to -1, which is then passed as a large value to the decoder, leading to an out-of-bounds read. Add a check to ensure len is positive after the decrement.

Analysis

Out-of-bounds read in Linux kernel netfilter nf_conntrack_h323 DecodeQ931() function allows remote attackers to trigger a kernel memory disclosure or denial of service by sending a specially crafted H.323 packet with zero-length UserUserIE field, causing integer underflow when a 16-bit length value is decremented without validation. No public exploit code identified at time of analysis, and CVSS severity not quantified in available data.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

0
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +0
POC: 0

Share

CVE-2026-23455 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy