Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-1668

Good to know:

icon

Date: April 10, 2023

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.

Language: C

Severity Score

Related Resources (11)

https://access.redhat.com/security/cve/CVE-2023-1668
https://bugzilla.redhat.com/show_bug.cgi?id=2137666
https://www.debian.org/security/2023/dsa-5387
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2GUNS3WSJG4TUDKZ5L7FXGJMVOD6EJZ/
https://security.gentoo.org/glsa/202311-16
https://nvd.nist.gov/vuln/detail/CVE-2023-1668
https://www.openwall.com/lists/oss-security/2023/04/06/1
https://github.com/openvswitch/ovs/commit/7fa0106e8594c34f9e16efd87a58e38a947c6c5b
https://lists.debian.org/debian-lts-announce/2023/05/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2GUNS3WSJG4TUDKZ5L7FXGJMVOD6EJZ/
https://www.mend.io/vulnerability-database/CVE-2023-1668

Severity Score

Weakness Type (CWE)

Always-Incorrect Control Flow Implementation

CWE-670

Top Fix

icon

Upgrade Version

Upgrade to version v2.13.11,v2.14.9,v2.15.8,v2.16.7,v2.17.6,v3.0.4,v3.1.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us