CVE-2023-1668 - Always-Incorrect Control Flow Implementation

Severity

82%

Complexity

39%

Confidentiality

70%

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.

CVSS 3.1 Base Score 8.2. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).

Overview

First reported 2 years ago

2023-04-10 22:15:00

Last updated 1 year ago

2023-11-26 11:15:00

Affected Software

Red Hat Openshift Container Platform 4.0

4.0

References

https://www.openwall.com/lists/oss-security/2023/04/06/1

https://bugzilla.redhat.com/show_bug.cgi?id=2137666

DSA-5387

https://www.openwall.com/lists/oss-security/2023/04/06/1

Mailing List, Mitigation, Patch

https://bugzilla.redhat.com/show_bug.cgi?id=2137666

Issue Tracking, Third Party Advisory

DSA-5387

Third Party Advisory

FEDORA-2023-7da03dc2ae

[debian-lts-announce] 20230501 [SECURITY] [DLA 3410-1] openvswitch security update

FEDORA-2023-7da03dc2ae

GLSA-202311-16

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.