rpm package
opensuse/openvswitch&distro=openSUSE Leap 15.5
pkg:rpm/opensuse/openvswitch&distro=openSUSE%20Leap%2015.5
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-3966 | — | < 2.14.2-150400.24.23.1 | 2.14.2-150400.24.23.1 | Feb 22, 2024 | A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled. | ||
| CVE-2024-22563 | — | < 2.14.2-150400.24.20.1 | 2.14.2-150400.24.20.1 | Jan 19, 2024 | openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. | ||
| CVE-2023-5366 | — | < 2.14.2-150400.24.14.2 | 2.14.2-150400.24.14.2 | Oct 6, 2023 | A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICM | ||
| CVE-2023-1668 | — | < 2.14.2-150400.24.9.1 | 2.14.2-150400.24.9.1 | Apr 10, 2023 | A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols | ||
| CVE-2022-4338 | — | < 2.14.2-150400.24.6.1 | 2.14.2-150400.24.6.1 | Jan 10, 2023 | An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. | ||
| CVE-2022-4337 | — | < 2.14.2-150400.24.6.1 | 2.14.2-150400.24.6.1 | Jan 10, 2023 | An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. |
- CVE-2023-3966Feb 22, 2024affected < 2.14.2-150400.24.23.1fixed 2.14.2-150400.24.23.1
A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.
- CVE-2024-22563Jan 19, 2024affected < 2.14.2-150400.24.20.1fixed 2.14.2-150400.24.20.1
openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.
- CVE-2023-5366Oct 6, 2023affected < 2.14.2-150400.24.14.2fixed 2.14.2-150400.24.14.2
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICM
- CVE-2023-1668Apr 10, 2023affected < 2.14.2-150400.24.9.1fixed 2.14.2-150400.24.9.1
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols
- CVE-2022-4338Jan 10, 2023affected < 2.14.2-150400.24.6.1fixed 2.14.2-150400.24.6.1
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
- CVE-2022-4337Jan 10, 2023affected < 2.14.2-150400.24.6.1fixed 2.14.2-150400.24.6.1
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.