8.2 - CVE-2023-1668

Executive Summary

Informations
Name	CVE-2023-1668	First vendor Publication	2023-04-10
Vendor	Cve	Last vendor Modification	2023-11-26

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Overall CVSS Score	8.2
Base Score	8.2	Environmental Score	8.2
impact SubScore	4.2	Temporal Score	8.2
Exploitabality Sub Score	3.9

Attack Vector	Network	Attack Complexity	Low
Privileges Required	None	User Interaction	None
Scope	Unchanged	Confidentiality Impact	Low
Integrity Impact	None	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1668

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-670	Always-Incorrect Control Flow Implementation

CPE : Common Platform Enumeration

Type	Description	Count
Application	Cloudbase Open Vswitch cpe:2.3:a:cloudbase:open_vswitch:3.1.0:::::::* cpe:2.3:a:cloudbase:open_vswitch::::::::	2
Application	Redhat Openshift Container Platform cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::*	1
Application	Redhat Openstack Platform cpe:2.3:a:redhat:openstack_platform:17.0:::::::* cpe:2.3:a:redhat:openstack_platform:16.2:::::::* cpe:2.3:a:redhat:openstack_platform:16.1:::::::*	3
Application	Redhat Virtualization cpe:2.3:a:redhat:virtualization:4.0:::::::*	1
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:11.0:::::::*	1

Sources (Detail)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://security.gentoo.org/glsa/202311-16

Source	Url
DEBIAN	https://www.debian.org/security/2023/dsa-5387
MISC	https://bugzilla.redhat.com/show_bug.cgi?id=2137666 https://www.openwall.com/lists/oss-security/2023/04/06/1
MLIST	https://lists.debian.org/debian-lts-announce/2023/05/msg00000.html

Alert History

If you want to see full details history, please login or register.

Date	Informations
2023-11-26 17:27:46	Multiple Updates
2023-11-07 21:29:23	Multiple Updates
2023-05-01 13:14:41	Multiple Updates
2023-04-23 09:27:29	Multiple Updates
2023-04-21 21:27:34	Multiple Updates
2023-04-14 09:27:18	Multiple Updates
2023-04-11 17:27:16	Multiple Updates
2023-04-11 05:27:16	First insertion

Type	Count
CWE ID(s)	1
CPE ID(s)	8
Sources(s)	6

8.2 - CVE-2023-1668

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Sources (Detail)

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU