Threats Tagged 'cve-2026-5367'

OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. Security Fix(es): * ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue (CVE-2026-5265) * ovn: OVN: Information disclosure via crafted DHCPv6 packets (CVE-2026-5367) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. Security Fix(es): * ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue (CVE-2026-5265) * ovn: OVN: Information disclosure via crafted DHCPv6 packets (CVE-2026-5367) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. Security Fix(es): * ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue (CVE-2026-5265) * ovn: OVN: Information disclosure via crafted DHCPv6 packets (CVE-2026-5367) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. Security Fix(es): * ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue (CVE-2026-5265) * ovn: OVN: Information disclosure via crafted DHCPv6 packets (CVE-2026-5367) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. Security Fix(es): * ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue (CVE-2026-5265) * ovn: OVN: Information disclosure via crafted DHCPv6 packets (CVE-2026-5367) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. Security Fix(es): * ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue (CVE-2026-5265) * ovn: OVN: Information disclosure via crafted DHCPv6 packets (CVE-2026-5367) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. Security Fix(es): * ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue (CVE-2026-5265) * ovn: OVN: Information disclosure via crafted DHCPv6 packets (CVE-2026-5367) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.