Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-3966

Опубликовано: 22 фев. 2024
Источник: debian
EPSS Низкий

Описание

A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
openvswitchfixed3.3.0-1package
openvswitchnot-affectedbusterpackage

Примечания

  • https://www.openwall.com/lists/oss-security/2024/02/08/3

  • Introduced by: https://github.com/openvswitch/ovs/commit/a468645c6d330943dbe0c8d466e05b9af2d7df0c (v2.11.0)

  • Fixed by: https://github.com/openvswitch/ovs/commit/2cfbcd5247ed0fd941c1ebb9f4adb952b67fe13a (v3.2.2)

  • Fixed by: https://github.com/openvswitch/ovs/commit/91e621bd5abab19954bec09c7d27c59acdf607b1 (v3.1.4)

  • Fixed by: https://github.com/openvswitch/ovs/commit/935cd1d574c6f432a451df8941374ffb36d767d9 (v3.0.6)

  • Fixed by: https://github.com/openvswitch/ovs/commit/b8657dada9641fbd2bd3a3f882e0862448d60910 (v2.17.9)

  • https://mail.openvswitch.org/pipermail/ovs-dev/2024-February/411702.html

EPSS

Процентиль: 12%
0.00042
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-3966

CVSS3: 7.5
ubuntu
больше 1 года назад

A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.

redhat логотип

CVE-2023-3966

CVSS3: 7.5
redhat
больше 1 года назад

A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.

nvd логотип

CVE-2023-3966

CVSS3: 7.5
nvd
больше 1 года назад

A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.

msrc логотип

CVE-2023-3966

CVSS3: 7.5
msrc
больше 1 года назад

Описание отсутствует

suse-cvrf логотип

SUSE-SU-2024:0937-1

suse-cvrf
больше 1 года назад

Security update for openvswitch

EPSS

Процентиль: 12%
0.00042
Низкий