rpm package
suse/openvswitch&distro=SUSE Linux Enterprise Server 12 SP4-ESPOS
pkg:rpm/suse/openvswitch&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOS
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-4338 | — | < 2.8.10-4.33.1 | 2.8.10-4.33.1 | Jan 10, 2023 | An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. | ||
| CVE-2022-4337 | — | < 2.8.10-4.33.1 | 2.8.10-4.33.1 | Jan 10, 2023 | An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. | ||
| CVE-2022-32166 | — | < 2.8.10-4.33.1 | 2.8.10-4.33.1 | Sep 28, 2022 | In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remo | ||
| CVE-2021-36980 | — | < 2.8.10-4.33.1 | 2.8.10-4.33.1 | Jul 20, 2021 | Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. |
- CVE-2022-4338Jan 10, 2023affected < 2.8.10-4.33.1fixed 2.8.10-4.33.1
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
- CVE-2022-4337Jan 10, 2023affected < 2.8.10-4.33.1fixed 2.8.10-4.33.1
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
- CVE-2022-32166Sep 28, 2022affected < 2.8.10-4.33.1fixed 2.8.10-4.33.1
In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remo
- CVE-2021-36980Jul 20, 2021affected < 2.8.10-4.33.1fixed 2.8.10-4.33.1
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.