CVE-2026-23457

CVE-2026-23457 is a high-severity vulnerability in Linux Linux Kernel with a CVSS 3.x base score of 8.6. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.

Key facts

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() sip_help_tcp() parses the SIP Content-Length header with simple_strtoul(), which returns unsigned long, but stores the result in unsigned int clen. On 64-bit systems, values exceeding UINT_MAX are silently truncated before computing the SIP message boundary. For example, Content-Length 4294967328 (2^32 + 32) is truncated to 32, causing the parser to miscalculate where the current message ends. The loop then treats trailing data in the TCP segment as a second SIP message and processes it through the SDP parser. Fix this by changing clen to unsigned long to match the return type of simple_strtoul(), and reject Content-Length values that exceed the remaining TCP payload length.

Frequently asked questions

What is CVE-2026-23457?
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() sip_help_tcp() parses the SIP Content-Length header with simple_strtoul(), which returns unsigned long, but stores the result in unsigned int clen. On 64-bit systems, values exceeding UINT_MAX are silently truncated before computing the SIP message boundary. For example, Content-Length 4294967328 (2^32 + 32) is truncated to 32, causing the parser to miscalculate where the current message ends. The loop then treats trailing data in the TCP segment as a second SIP message and processes it through the SDP parser. Fix this by changing clen to unsigned long to match the return type of simple_strtoul(), and reject Content-Length values that exceed the remaining TCP payload length.
How severe is CVE-2026-23457?
CVE-2026-23457 has a CVSS 3.x base score of 8.6, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is low, integrity low, and availability high.
Is CVE-2026-23457 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (30th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2026-23457?
CVE-2026-23457 primarily affects Linux Linux Kernel. In total, 5 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2026-23457?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
Does CVE-2026-23457 have an EU (EUVD) identifier?
Yes. CVE-2026-23457 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-18714.
When was CVE-2026-23457 published?
CVE-2026-23457 was published on 2026-04-03 and last updated on 2026-06-17.

References

Affected products (5)

More vulnerabilities in Linux Linux Kernel

All CVEs affecting Linux Linux Kernel →