CVE-2022-4337

CWE-125 — Out-of-bounds Read8 documents8 sources

Severity

9.8CRITICAL

EPSS

0.4%

top 38.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openvswitch Openvswitch Debian Debian Linux

Timeline

PublishedJan 10

Latest updateFeb 27

Description

An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDopenvswitch/openvswitch2.14.0 — 2.14.8+5

▶Debianopenvswitch< 2.15.0+ds1-2+deb11u2+3

▶CVEListV5openvswitchopenvswitch 3.0.3, openvswitch 2.17.5, openvswitch 2.16.6, openvswitch 2.15.7, openvswitch 2.14.8, openvswitch 2.13.10

Also affects: Debian Linux 11.0

Patches

Patch: github.com ↗Patch: mail.openvswitch.org ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-3ch9-x7v9-qhxv: An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch↗2023-01-11

▶

OSV

CVE-2022-4337: An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch↗2023-01-10

▶

CVEList

CVE-2022-4337: An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch↗2023-01-10

▶

📋Vendor Advisories

Ubuntu

Open vSwitch vulnerabilities↗2023-02-27

▶

Microsoft

An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.↗2023-01-10

▶

Red Hat

openvswitch: Out-of-Bounds Read in Organization Specific TLV↗2022-12-20

▶

Debian

CVE-2022-4337: openvswitch - An out-of-bounds read in Organization Specific TLV was found in various versions...↗2022

▶