CVE-2026-5265

Name of the Vulnerable Software and Affected Versions ovn-controller (affected versions not specified)

Description A heap over-read occurs when generating ICMP Destination Unreachable or Packet Too Big responses. The handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length (ip tot len for IPv4, ip6 plen for IPv6) without validating it against the actual packet buffer size. A virtual machine can send a short packet with an inflated IP length field to trigger an ICMP error, causing the system to read heap memory beyond the valid packet data and include it in the response sent back to the VM.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.