Description

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading to malformed HTTP 206 responses and log flooding.

Severity (CVSS)

Base score4.8
SeverityMedium
VersionCVSS 3.1
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Provided byCNA

Weaknesses

  • CWE-805 — Buffer Access with Incorrect Length Value

Affected products

VendorProductVersions
Red HatRed Hat Enterprise Linux 10
Red HatRed Hat Enterprise Linux 6
Red HatRed Hat Enterprise Linux 7
Red HatRed Hat Enterprise Linux 8
Red HatRed Hat Enterprise Linux 9

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 23 Jun 2026 10:05 UTC.