CVE-2023-3966

CWE-24810 documents9 sources

Severity

7.5HIGH

EPSS

0.0%

top 86.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openvswitch Openvswitch Fedoraproject Fedora

Timeline

PublishedFeb 22

Latest updateMar 12

Description

A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDopenvswitch/openvswitch< 3.1.0

▶Debianopenvswitch< 2.15.0+ds1-2+deb11u5+3

▶Ubuntuopenvswitch< 2.13.8-0ubuntu1.4+1

Also affects: Fedora 39, 40

🔴Vulnerability Details

OSV

openvswitch vulnerabilities↗2024-03-12

▶

OSV

CVE-2023-3966: A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid↗2024-02-22

▶

GHSA

GHSA-r9cj-pfgj-jc26: A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid↗2024-02-22

▶

CVEList

Openvswsitch: ovs-vswitch fails to recover after malformed geneve metadata packet↗2024-02-22

▶

📋Vendor Advisories

Ubuntu

Open vSwitch vulnerabilities↗2024-03-12

▶

Microsoft

Openvswsitch: ovs-vswitch fails to recover after malformed geneve metadata packet↗2024-02-13

▶

Red Hat

openvswsitch: ovs-vswitch fails to recover after malformed geneve metadata packet↗2024-02-08

▶

Debian

CVE-2023-3966: openvswitch - A flaw was found in Open vSwitch where multiple versions are vulnerable to craft...↗2023

▶

💬Community

Bugzilla

CVE-2023-3966 openvswsitch: ovs-vswitch fails to recover after malformed geneve metadata packet↗2023-03-15

▶