exploitDog

CVE-2023-3153

Опубликовано: 04 окт. 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.

Ссылки

https://access.redhat.com/security/cve/CVE-2023-3153
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2213279
Issue Tracking
https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd
Patch
https://github.com/ovn-org/ovn/issues/198
Issue Tracking
https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html
Mitigation
Patch
https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html
Patch
https://access.redhat.com/security/cve/CVE-2023-3153
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2213279
Issue Tracking
https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd
Patch
https://github.com/ovn-org/ovn/issues/198
Issue Tracking
https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html
Mitigation
Patch
https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html
Patch

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*

Версия до 22.03.3 (исключая)

cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*

Версия от 22.03.4 (включая) до 22.09.2 (исключая)

cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*

Версия от 22.09.3 (включая) до 22.12.1 (исключая)

cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*

Версия от 22.12.2 (включая) до 23.03.1 (исключая)

cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*

Версия от 23.03.2 (включая) до 23.06.1 (исключая)

Конфигурация 2

cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:a:redhat:fast_datapath:-:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 22%

0.00071

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-400

CWE-770

Связанные уязвимости

CVE-2023-3153

CVSS3: 5.3

ubuntu

больше 2 лет назад

A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.

CVE-2023-3153

CVSS3: 5.3

redhat

больше 2 лет назад

A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.

CVE-2023-3153

CVSS3: 5.3

debian

больше 2 лет назад

A flaw was found in Open Virtual Network where the service monitor MAC ...

GHSA-qq9r-36hc-f769

CVSS3: 5.3

github

больше 2 лет назад

A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.

BDU:2025-03954

CVSS3: 5.3

fstec

больше 2 лет назад

Уязвимость компонента MAC Service Monitor программного многоуровневого коммутатора Open vSwitch,позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 22%

0.00071

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-400

CWE-770