What is GHSA-6qv5-f6m3-44g8?

GHSA-6qv5-f6m3-44g8 is a security advisory published by GitHub Security Advisories with Medium severity. OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the...

Which CVE IDs does GHSA-6qv5-f6m3-44g8 cover?

GHSA-6qv5-f6m3-44g8 covers the following CVE IDs: CVE-2026-56099. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-6qv5-f6m3-44g8?

GHSA-6qv5-f6m3-44g8 has a CVSS v3 base score of 5.3, published by GitHub Security Advisories.

GHSA-6qv5-f6m3-44g8MediumCVSS 5.3

OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the...

Vendor

GitHub Security Advisories

Published

June 18, 2026

Last Modified

June 18, 2026

🔗 CVE IDs covered (1)

CVE-2026-56099 →

📋 Description

OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_do_error function within sys/netmpls/mpls_input.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-56099
https://github.com/openbsd/src/commit/6a23123ec05f1eb29cfcaae0f3a468b2e1983cfd
https://pop.argus-systems.ai/advisory/adv-040.html
https://www.vulncheck.com/advisories/openbsd-mpls-do-error-kernel-stack-memory-disclosure-via-mpls-input
https://github.com/advisories/GHSA-6qv5-f6m3-44g8