CVE-2026-5367: Improper Handling of Length Parameter Inconsistency in Red Hat Fast Datapath for RHEL 7
A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.
AI Analysis
Technical Summary
This vulnerability arises from OVN's improper handling of an inflated Client ID length in DHCPv6 SOLICIT packets, which causes the ovn-controller to read beyond the packet bounds. The out-of-bounds read can disclose sensitive information stored in heap memory to a remote attacker. The CVSS v3.1 score is 8.6, reflecting a high-severity remote vulnerability with no required privileges or user interaction and a confidentiality impact rated as high. The vendor advisory does not currently specify any patch or mitigation.
Potential Impact
A remote attacker can exploit this vulnerability to read sensitive information from heap memory of the ovn-controller process, potentially leading to information disclosure. The vulnerability does not affect integrity or availability directly but compromises confidentiality. No known exploits in the wild have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-5367 for current remediation guidance. Until an official fix is released, consider restricting access to the affected service to trusted networks and monitoring for anomalous DHCPv6 SOLICIT traffic with abnormal Client ID lengths. Do not assume the vulnerability is mitigated without vendor confirmation.
CVE-2026-5367: Improper Handling of Length Parameter Inconsistency in Red Hat Fast Datapath for RHEL 7
Description
A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from OVN's improper handling of an inflated Client ID length in DHCPv6 SOLICIT packets, which causes the ovn-controller to read beyond the packet bounds. The out-of-bounds read can disclose sensitive information stored in heap memory to a remote attacker. The CVSS v3.1 score is 8.6, reflecting a high-severity remote vulnerability with no required privileges or user interaction and a confidentiality impact rated as high. The vendor advisory does not currently specify any patch or mitigation.
Potential Impact
A remote attacker can exploit this vulnerability to read sensitive information from heap memory of the ovn-controller process, potentially leading to information disclosure. The vulnerability does not affect integrity or availability directly but compromises confidentiality. No known exploits in the wild have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-5367 for current remediation guidance. Until an official fix is released, consider restricting access to the affected service to trusted networks and monitoring for anomalous DHCPv6 SOLICIT traffic with abnormal Client ID lengths. Do not assume the vulnerability is mitigated without vendor confirmation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-04-01T18:39:05.229Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-5367","vendor":"Red Hat"}]
Threat ID: 69eb6ac987115cfb68343e77
Added to database: 4/24/2026, 1:06:17 PM
Last enriched: 4/24/2026, 1:21:01 PM
Last updated: 4/24/2026, 2:52:01 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.