CVE-2026-23457: Incorrect Conversion between Numeric Types in Linux

Severity: 5.3 MEDIUM (no vector)
EPSS: 0.0% (top 90.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 3

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp()

sip_help_tcp() parses the SIP Content-Length header with simple_strtoul(), which returns unsigned long, but stores the result in unsigned int clen. On 64-bit systems, values exceeding UINT_MAX are silently truncated before computing the SIP message boundary. For example, Content-Length 4294967328 (2^32 + 32) is truncated to 32, causing the parser
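As an added illustration (not code from the kernel or from the advisory), the following C snippet reproduces the narrowing described above on a constructed SIP header and places a range-checked parse beside it. The sample message, the function names and the check against UINT_MAX are assumptions for this example, not the kernel's patch; strtoull stands in for the kernel's 64-bit simple_strtoul() so the behaviour is the same on any host.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Constructed SIP fragment carrying the advisory's value, 2^32 + 32. */
static const char SAMPLE_MSG[] =
    "INVITE sip:bob@example.invalid SIP/2.0\r\n"
    "Content-Length: 4294967328\r\n"
    "\r\n";

/* Return a pointer to the digits after "Content-Length:", or NULL if absent. */
static const char *content_length_value(const char *msg)
{
    const char *p = strstr(msg, "Content-Length:");
    if (!p)
        return NULL;
    p += strlen("Content-Length:");
    while (*p == ' ' || *p == '\t')
        p++;
    return p;
}

/* Flawed pattern from the description: a 64-bit parse result is assigned to a
 * 32-bit unsigned int, so the high bits are dropped silently (4294967328 -> 32). */
unsigned int truncating_parse(const char *msg)
{
    const char *v = content_length_value(msg);
    unsigned int clen = v ? (unsigned int)strtoull(v, NULL, 10) : 0; /* narrowing */
    return clen;
}

/* Range-checked parse (hardening assumed for this example, not the kernel's fix):
 * keep the full width, then reject anything that does not fit in 32 bits.
 * Returns the length, or -1 when the header is missing, malformed or too large. */
long long bounded_parse(const char *msg)
{
    const char *v = content_length_value(msg);
    char *end;
    if (!v)
        return -1;
    errno = 0;
    unsigned long long n = strtoull(v, &end, 10);
    if (end == v || errno == ERANGE || n > UINT_MAX)
        return -1;
    return (long long)n;
}
```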

Affected Packages (3 packages)

Debian: linux/linux_kernel < 6.19.10-1
CVEListV5: linux/linux, commits f5b321bd37fbec9188feb1f721ab46a5ac0b35da, b75209debb9adab287b3caa982f77788c1e15027 (+6 more)
Debian: debian/linux < linux 6.19.10-1 (forky)

🔴 Vulnerability Details (2)

GHSA: GHSA-4q45-qq5w-x2fj: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() (2026-04-03)
OSV: CVE-2026-23457: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() ... (2026-04-03)

📋 Vendor Advisories (2)

Red Hat: kernel: netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() (2026-04-03)
Debian: CVE-2026-23457: linux - In the Linux kernel, the following vulnerability has been resolved: netfilter: ... (2026)

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-23457 Impact, Exploitability, and Mitigation Steps | Wiz