EUVD-2026-25420
Improper Handling of Length Parameter Inconsistency (CWE-130)
2026-04-24
GHSA-whr7-6788-jg2p
GHSA-whr7-6788-jg2p
6.5
CVSS 3.1
Share
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
High
Lifecycle Timeline
2
Analysis Generated
Apr 24, 2026 - 15:15 vuln.today
CVSS changed
Apr 24, 2026 - 13:22 NVD
6.5 (MEDIUM)
Description PRE-NVD
Disclosed via oss-security. NVD scoring and full description are pending.
AnalysisAI
Heap over-read in OVN's ICMP error response generation allows remote attackers to leak sensitive memory contents, causing information disclosure and potential denial of service. The vulnerability affects OVN versions prior to the 2026 security update, exploitable over the network without authentication or user interaction via crafted ICMP packets. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).