Home > Vulnerability Database > CVE-2024-2182

Mend.io Vulnerability Database

CVE-2024-2182

Good to know:

Date: March 12, 2024

A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.

Language: C

Severity Score

6.5

Related Resources (19)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-2182

Url: https://access.redhat.com/errata/RHSA-2024:1390

Url: https://access.redhat.com/errata/RHSA-2024:1392

Url: https://access.redhat.com/errata/RHSA-2024:1391

Url: http://www.openwall.com/lists/oss-security/2024/03/12/5

Url: https://access.redhat.com/errata/RHSA-2024:1394

Url: https://access.redhat.com/errata/RHSA-2024:1393

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CB4N522FCS4XWAPUKRWZF6QZ657FCIDF/

Url: https://access.redhat.com/errata/RHSA-2024:1385

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2267840

Url: https://access.redhat.com/errata/RHSA-2024:1387

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRKXOOOKD56TY3JQVB45N3GCTX3EG4BV/

Url: https://access.redhat.com/errata/RHSA-2024:1386

Url: https://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html

Url: https://access.redhat.com/errata/RHSA-2024:1388

Url: https://access.redhat.com/security/cve/CVE-2024-2182

Url: https://www.openwall.com/lists/oss-security/2024/03/12/5

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APR4GCVCMQD3DQUKXDNGIXCCYGE5V7IT/

Url: https://www.mend.io/vulnerability-database/CVE-2024-2182

Severity Score

6.5

Weakness Type (CWE)

Origin Validation Error

CWE-346

Top Fix

Upgrade Version

Upgrade to version v22.03.7,v23.03.3,v23.06.3,v23.09.3,v24.03.1

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-2182

Good to know:

Date: March 12, 2024

Language: C

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?