2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2023-1668" ,
"sourceIdentifier" : "secalert@redhat.com" ,
"published" : "2023-04-10T22:15:09.133" ,
2023-11-07 21:03:21 +00:00
"lastModified" : "2023-11-07T04:04:33.040" ,
2023-04-24 12:24:31 +02:00
"vulnStatus" : "Modified" ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow."
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 8.2 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 4.2
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-670"
}
]
} ,
{
2023-11-07 21:03:21 +00:00
"source" : "53f830b8-0a3f-465b-8143-3b8a9948e749" ,
2023-04-24 12:24:31 +02:00
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-670"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "1.5.0" ,
"versionEndExcluding" : "2.13.11" ,
"matchCriteriaId" : "48C1C5E9-E256-43FD-9797-12F07441AAB1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "2.14.0" ,
"versionEndExcluding" : "2.14.9" ,
"matchCriteriaId" : "A83DDD27-28AF-4ADA-9B8F-6573F29E9E22"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "2.15.0" ,
"versionEndExcluding" : "2.15.8" ,
"matchCriteriaId" : "CB75186B-4FB7-473D-B249-5A023DA1FDA4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "2.16.0" ,
"versionEndExcluding" : "2.16.7" ,
"matchCriteriaId" : "CD2D922F-E28D-4777-B0A9-814996568D1F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "2.17.0" ,
"versionEndExcluding" : "2.17.6" ,
"matchCriteriaId" : "B88C4B2D-F726-46E4-8021-42C5770CF91B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "3.0.0" ,
"versionEndExcluding" : "3.0.4" ,
"matchCriteriaId" : "92486D94-C16D-4422-986D-CC4BCC01F98A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cloudbase:open_vswitch:3.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3C1AC9C8-68B9-413F-866F-46B279906B08"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "932D137F-528B-4526-9A89-CD59FA1AB0FE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openstack_platform:17.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F7076B1E-0529-43CC-828B-45C2ED11F9F6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:fast_datapath:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0A63D05D-BFAF-484B-BA49-5F5E399CDA02"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
} ,
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*" ,
"matchCriteriaId" : "053C1B35-3869-41C2-9551-044182DE0A64"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2137666" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Issue Tracking" ,
"Third Party Advisory"
]
} ,
2023-05-01 10:00:27 +02:00
{
"url" : "https://lists.debian.org/debian-lts-announce/2023/05/msg00000.html" ,
"source" : "secalert@redhat.com"
} ,
2023-04-24 12:24:31 +02:00
{
2023-11-07 21:03:21 +00:00
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2GUNS3WSJG4TUDKZ5L7FXGJMVOD6EJZ/" ,
2023-04-24 12:24:31 +02:00
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://www.debian.org/security/2023/dsa-5387" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://www.openwall.com/lists/oss-security/2023/04/06/1" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Mailing List" ,
"Mitigation" ,
"Patch"
]
}
]
}
