CVE-2026-5367

NameCVE-2026-5367
DescriptionA flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1134486

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ovn (PTS)bookworm23.03.1-1~deb12u2vulnerable
trixie25.03.0-1vulnerable
forky26.03.0-2vulnerable
sid26.03.0-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ovnsource(unstable)26.03.0-41134486

Notes

https://www.openwall.com/lists/oss-security/2026/04/20/3
Fixed by: https://github.com/ovn-org/ovn/commit/78f6ce612403d6343f1e3782cbfff691d411dee4 (v26.03.1)
Search for package or bug name: Reporting problems