CVE-2026-23456

Source
https://cve.org/CVERecord?id=CVE-2026-23456
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23456.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-23456
Downstream
Related
Published
2026-04-03T15:15:37.534Z
Modified
2026-07-09T18:31:31.278859044Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVSS Calculator
Summary
netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfconntrackh323: fix OOB read in decode_int() CONS case

In decodeint(), the CONS case calls getbits(bs, 2) to read a length value, then calls getuint(bs, len) without checking that len bytes remain in the buffer. The existing boundary check only validates the 2 bits for getbits(), not the subsequent 1-4 bytes that get_uint() reads. This allows a malformed H.323/RAS packet to cause a 1-4 byte slab-out-of-bounds read.

Add a boundary check for len bytes after getbits() and before getuint().

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23456.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5e35941d990123f155b02d5663e51a24f816b6f3
Fixed
a2cd54b9348e485d338b3c132338a4410c99afaf
Fixed
c95dc674ebf01ecfb40388b6facfc89b81fed3b7
Fixed
41b417ff73a24b2c68134992cc44c88db27f482d
Fixed
52235bf88159a1ef16434ab49e47e99c8a09ab20
Fixed
774a434f8c9c8602a976b2536f65d0172a07f4d2
Fixed
6bce72daeccca9aa1746e92d6c3d4784e71f2ebb
Fixed
fb6c3596823ec5dd09c2123340330d7448f51a59
Fixed
1e3a3593162c96e8a8de48b1e14f60c3b57fca8a

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23456.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.17
Fixed
5.10.253
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.203
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.167
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.130
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.78
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.20
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23456.json"