{"id":"CVE-2023-39197","details":"An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.","modified":"2026-03-23T05:10:34.858574Z","published":"2024-01-23T03:15:11.683Z","related":["SUSE-SU-2023:4730-1","SUSE-SU-2023:4731-1","SUSE-SU-2023:4732-1","SUSE-SU-2023:4733-1","SUSE-SU-2023:4734-1","SUSE-SU-2023:4735-1","SUSE-SU-2023:4782-1","SUSE-SU-2023:4783-1","SUSE-SU-2023:4784-1","SUSE-SU-2023:4810-1","SUSE-SU-2023:4811-1","SUSE-SU-2023:4882-1","SUSE-SU-2023:4883-1","SUSE-SU-2024:0112-1","SUSE-SU-2025:03600-1","SUSE-SU-2025:03613-1","SUSE-SU-2025:03614-1","SUSE-SU-2025:03615-1","SUSE-SU-2025:03626-1","SUSE-SU-2025:03628-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:3716-1","SUSE-SU-2025:3751-1","SUSE-SU-2025:3761-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4141-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2023-39197"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2218342"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"2.6.26"},{"fixed":"5.4.251"}]},{"events":[{"introduced":"5.5"},{"fixed":"5.10.188"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.15.121"}]},{"events":[{"introduced":"5.16"},{"fixed":"6.1.39"}]},{"events":[{"introduced":"6.2"},{"fixed":"6.3.13"}]},{"events":[{"introduced":"6.4"},{"fixed":"6.4.4"}]},{"events":[{"introduced":"0"},{"last_affected":"38"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39197.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}