VDB

CVE-2026-23455

CVE-2026-23455 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() In DecodeQ931(), the UserUserIE code path reads a 16-bit length from the packet, then decrements it by 1 to skip the protocol discriminator byte before passing it to DecodeH323_UserInformation(). If the encoded length is 0, the decrement wraps to -1, which is then passed as a large value to the decoder, leading to an out-of-bounds read. Add a check to ensure len is positive after the decrement.

EPSS 0.12% · 29.9th percentile

Risk Scores

EPSS Score
0.12%
29.9th percentile

Affected Products

VendorProductVersions
LinuxLinux*, 6.1.167, 6.6.130
linuxlinux_kernel2.6.17, 2.6.17, 2.6.17

Timeline

  • Apr 3, 2026 CVE Published
  • Apr 27, 2026 CVE Updated
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score
  • May 25, 2026 EPSS Score
  • May 26, 2026 EPSS Score
  • May 27, 2026 EPSS Score

References

…and 79 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›