CVE-2026-23455

Source
https://cve.org/CVERecord?id=CVE-2026-23455
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23455.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-23455
Downstream
Related
Published
2026-04-03T15:15:36.869Z
Modified
2026-07-09T18:30:24.709858642Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfconntrackh323: check for zero length in DecodeQ931()

In DecodeQ931(), the UserUserIE code path reads a 16-bit length from the packet, then decrements it by 1 to skip the protocol discriminator byte before passing it to DecodeH323_UserInformation(). If the encoded length is 0, the decrement wraps to -1, which is then passed as a large value to the decoder, leading to an out-of-bounds read.

Add a check to ensure len is positive after the decrement.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23455.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5e35941d990123f155b02d5663e51a24f816b6f3
Fixed
2121f5fbe88daff0f1fc5bc47d359426c74b86b0
Fixed
65fa92f79677858b14b9e4b7275f26639afe2710
Fixed
495e97af9e7249ee02b72bb1d0848a6efc3700f4
Fixed
f5e4f4e4cdb75ec36802059a94195a31f193da60
Fixed
633e8f87dad32263f6a57dccdb873f042c062111
Fixed
9d00fe7d6d7c5b5f1065a6e042b54f2e44bd6df8
Fixed
b652b05d51003ac074b912684f9ec7486231717b
Fixed
f173d0f4c0f689173f8cdac79991043a4a89bf66

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23455.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.17
Fixed
5.10.253
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.203
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.167
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.130
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.78
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.20
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23455.json"