CVE-2023-39197

An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.

Published: Jan 23, 2024
Updated: Jan 31, 2024
CVE: CVE-2023-39197
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
fedoraproject / fedora	38	38.x
linux / linux_kernel	5.16	6.1.39
linux / linux_kernel	5.11	5.15.121
linux / linux_kernel	5.5	5.10.188
linux / linux_kernel	6.4	6.4.4
linux / linux_kernel	6.2	6.3.13
linux / linux_kernel	2.6.26	5.4.251

https://access.redhat.com/security/cve/CVE-2023-39197
https://bugzilla.redhat.com/show_bug.cgi?id=2218342

Vulnerability Database

CVE-2023-39197