Bug 2454800 (CVE-2026-23457)
| Summary: | CVE-2026-23457 kernel: netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in the Linux kernel's netfilter subsystem, specifically within the `nf_conntrack_sip` module. This vulnerability arises from an integer truncation error when processing the `Content-Length` header in Session Initiation Protocol (SIP) messages. On 64-bit systems, large `Content-Length` values are silently truncated, causing the system to misinterpret the boundary of SIP messages. This can lead to the incorrect parsing of network traffic, potentially allowing an attacker to bypass security policies or trigger unintended processing of data.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2026-04-03 16:01:21 UTC
|