CVE-2022-4338

CWE-125 — Out-of-bounds Read CWE-1918 documents8 sources

Severity

9.8CRITICAL

EPSS

0.6%

top 31.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openvswitch Openvswitch Debian Debian Linux

Timeline

PublishedJan 10

Latest updateFeb 27

Description

An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDopenvswitch/openvswitch2.14.0 — 2.14.8+5

▶Debianopenvswitch< 2.15.0+ds1-2+deb11u2+3

▶CVEListV5openvswitchopenvswitch 3.0.3, openvswitch 2.17.5, openvswitch 2.16.6, openvswitch 2.15.7, openvswitch 2.14.8, openvswitch 2.13.10

Also affects: Debian Linux 11.0

Patches

Patch: github.com ↗Patch: mail.openvswitch.org ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-c3mc-r2x5-rwmf: An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch↗2023-01-11

▶

OSV

CVE-2022-4338: An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch↗2023-01-10

▶

CVEList

CVE-2022-4338: An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch↗2023-01-10

▶

📋Vendor Advisories

Ubuntu

Open vSwitch vulnerabilities↗2023-02-27

▶

Microsoft

An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.↗2023-01-10

▶

Red Hat

openvswitch: Integer Underflow in Organization Specific TLV↗2022-12-20

▶

Debian

CVE-2022-4338: openvswitch - An integer underflow in Organization Specific TLV was found in various versions ...↗2022

▶