6 matches found
SUSE CVE-2026-23456
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: fix OOB read in decodeint CONS case In decodeint, the CONS case calls getbitsbs, 2 to read a length value, then calls getuintbs, len without checking that len bytes remain in the buffer. The existing...
EUVD-2026-18712
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: fix OOB read in decodeint CONS case In decodeint, the CONS case calls getbitsbs, 2 to read a length value, then calls getuintbs, len without checking that len bytes remain in the buffer. The existing...
CVE-2026-23456
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: fix OOB read in decodeint CONS case In decodeint, the CONS case calls getbitsbs, 2 to read a length value, then calls getuintbs, len without checking that len bytes remain in the buffer. The existing...
CVE-2026-23456
In the Linux kernel, CVE-2026-23456 concerns nf_conntrack_h323: decode_int() in CONS reads the length with get_bits() and then calls get_uint() without ensuring enough bytes remain, causing a 1–4 byte slab-out-of-bounds read. A boundary check for len after get_bits() and before get_uint() has bee...
CVE-2026-23456 netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: fix OOB read in decodeint CONS case In decodeint, the CONS case calls getbitsbs, 2 to read a length value, then calls getuintbs, len without checking that len bytes remain in the buffer. The existing...
CVE-2026-23456
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: fix OOB read in decodeint CONS case In decodeint, the CONS case calls getbitsbs, 2 to read a length value, then calls getuintbs, len without checking that len bytes remain in the buffer. The existing...