CVE-2023-5366 – Openvswitch don't match packets on nd_target field
https://notcve.org/view.php?id=CVE-2023-5366
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses. Se encontró una falla en Open vSwitch que permite que los paquetes de anuncios de vecinos ICMPv6 entre máquinas virtuales omitan las reglas de OpenFlow. Este problema puede permitir que un atacante local cree paquetes especialmente manipulados con un campo de dirección IP de destino modificado o falsificado que puede redirigir el tráfico ICMPv6 a direcciones IP arbitrarias. • http://www.openwall.com/lists/oss-security/2024/02/08/4 https://access.redhat.com/security/cve/CVE-2023-5366 https://bugzilla.redhat.com/show_bug.cgi?id=2006347 https://lists.debian.org/debian-lts-announce/2024/02/msg00004.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2022-4338 – openvswitch: Integer Underflow in Organization Specific TLV
https://notcve.org/view.php?id=CVE-2022-4338
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. Se encontró un desbordamiento de números enteros en el TLV específico de la organización en varias versiones de OpenvSwitch. A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a data underflow. • https://github.com/openvswitch/ovs/pull/405 https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html https://security.gentoo.org/glsa/202311-16 https://www.debian.org/security/2023/dsa-5319 https://www.openwall.com/lists/oss-security/2022/12/21/4 https://access.redhat.com/security/cve/CVE-2022-4338 https://bugzilla.redhat.com/show_bug.cgi?id=2155381 • CWE-125: Out-of-bounds Read CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2022-4337 – openvswitch: Out-of-Bounds Read in Organization Specific TLV
https://notcve.org/view.php?id=CVE-2022-4337
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. Se encontró una lectura fuera de los límites en TLV específico de la organización en varias versiones de OpenvSwitch. A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a denial of service. • https://github.com/openvswitch/ovs/pull/405 https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html https://security.gentoo.org/glsa/202311-16 https://www.debian.org/security/2023/dsa-5319 https://www.openwall.com/lists/oss-security/2022/12/21/4 https://access.redhat.com/security/cve/CVE-2022-4337 https://bugzilla.redhat.com/show_bug.cgi?id=2155378 • CWE-125: Out-of-bounds Read •
CVE-2021-3905
https://notcve.org/view.php?id=CVE-2021-3905
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments. Se ha encontrado una pérdida de memoria en Open vSwitch (OVS) durante el procesamiento de la fragmentación IP en el espacio de usuario. Un atacante podría usar este fallo para agotar potencialmente la memoria disponible al seguir enviando fragmentos de paquetes. • https://access.redhat.com/security/cve/CVE-2021-3905 https://bugzilla.redhat.com/show_bug.cgi?id=2019692 https://github.com/openvswitch/ovs-issues/issues/226 https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349 https://security.gentoo.org/glsa/202311-16 https://ubuntu.com/security/CVE-2021-3905 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2017-14970
https://notcve.org/view.php?id=CVE-2017-14970
In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table." En lib/ofp-util.c en Open vSwitch (OvS) en versiones anteriores a 2.8.1, hay múltiples fugas de memoria al analizar sintácticamente mensajes mod grupales OpenFlow malformados. NOTA: El proveedor discute la relevancia de este informe, diciendo que "solo puede ser iniciado mediante un controlador OpenFlow, pero los controladores OpenFlow tienen formas mucho más directas y poderosas para forzar a Open vSwitch a asignar memoria, como insertando flujos en la tabla de flujo". • https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html • CWE-772: Missing Release of Resource after Effective Lifetime •