rpm package
opensuse/openvswitch&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/openvswitch&distro=openSUSE%20Tumbleweed
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-34956 | Med | 5.9 | < 3.7.1-33.1 | 3.7.1-33.1 | May 5, 2026 | A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a cr | |
| CVE-2025-0650 | Hig | 8.1 | < 3.3.2-25.1 | 3.3.2-25.1 | Jan 23, 2025 | A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can l | |
| CVE-2023-3966 | — | < 3.1.0-19.1 | 3.1.0-19.1 | Feb 22, 2024 | A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled. | ||
| CVE-2023-5366 | — | < 3.1.0-18.1 | 3.1.0-18.1 | Oct 6, 2023 | A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICM | ||
| CVE-2023-3153 | — | < 3.1.0-15.1 | 3.1.0-15.1 | Oct 4, 2023 | A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured. | ||
| CVE-2023-3152 | — | < 3.1.0-15.1 | 3.1.0-15.1 | Jun 7, 2023 | A vulnerability classified as critical has been found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\posts\view_post.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has b | ||
| CVE-2023-1668 | — | < 3.1.0-14.1 | 3.1.0-14.1 | Apr 10, 2023 | A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols | ||
| CVE-2022-4338 | — | < 3.1.0-12.1 | 3.1.0-12.1 | Jan 10, 2023 | An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. | ||
| CVE-2021-36980 | — | < 2.17.0-12.1 | 2.17.0-12.1 | Jul 20, 2021 | Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. | ||
| CVE-2020-27827 | — | < 2.14.2-11.3 | 2.14.2-11.3 | Mar 18, 2021 | A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. | ||
| CVE-2012-3449 | — | < 2.6.1-2.1 | 2.6.1-2.1 | Aug 7, 2012 | Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files. |
- affected < 3.7.1-33.1fixed 3.7.1-33.1
A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a cr
- affected < 3.3.2-25.1fixed 3.3.2-25.1
A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can l
- CVE-2023-3966Feb 22, 2024affected < 3.1.0-19.1fixed 3.1.0-19.1
A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.
- CVE-2023-5366Oct 6, 2023affected < 3.1.0-18.1fixed 3.1.0-18.1
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICM
- CVE-2023-3153Oct 4, 2023affected < 3.1.0-15.1fixed 3.1.0-15.1
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.
- CVE-2023-3152Jun 7, 2023affected < 3.1.0-15.1fixed 3.1.0-15.1
A vulnerability classified as critical has been found in SourceCodester Online Discussion Forum Site 1.0. This affects an unknown part of the file admin\posts\view_post.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has b
- CVE-2023-1668Apr 10, 2023affected < 3.1.0-14.1fixed 3.1.0-14.1
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols
- CVE-2022-4338Jan 10, 2023affected < 3.1.0-12.1fixed 3.1.0-12.1
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
- CVE-2021-36980Jul 20, 2021affected < 2.17.0-12.1fixed 2.17.0-12.1
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.
- CVE-2020-27827Mar 18, 2021affected < 2.14.2-11.3fixed 2.14.2-11.3
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
- CVE-2012-3449Aug 7, 2012affected < 2.6.1-2.1fixed 2.6.1-2.1
Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files.