A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - openvswitch: limitation in the OVS packet parsing in userspace leads to DoS (CVE-2020-35498)

  - openvswitch: Integer Underflow in Organization Specific TLV (CVE-2022-4338)

  - An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting     parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group     type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the     type and command earlier, when it might still be invalid. This causes an assertion failure (via     OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default. (CVE-2018-17204)

  - An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in     ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order.
    If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries     to revert back all previous flows that were successfully applied from the same bundle. This is possible     since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old     flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for     new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash.
    (CVE-2018-17205)

  - An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside     lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding. (CVE-2018-17206)

  - The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote     attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that     requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka     a Tuple Space Explosion (TSE) attack. (CVE-2019-25076)

  - Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP     (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. (CVE-2021-36980)

  - A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker     could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
    (CVE-2021-3905)

  - An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
    (CVE-2022-4337)

  - A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the     datapath flow without the action modifying the IP header. This issue results (for both kernel and     userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for     this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a !=     0 IP protocol that matches this dp flow. (CVE-2023-1668)

  - A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual     machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted     packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary     IP addresses. (CVE-2023-5366)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

  - A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual     machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted     packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary     IP addresses. (CVE-2023-5366)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - openvswitch: limitation in the OVS packet parsing in userspace leads to DoS (CVE-2020-35498)

  - openvswitch: Integer Underflow in Organization Specific TLV (CVE-2022-4338)

  - The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote     attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that     requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka     a Tuple Space Explosion (TSE) attack. (CVE-2019-25076)

  - Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP     (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. (CVE-2021-36980)

  - A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker     could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
    (CVE-2021-3905)

  - An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
    (CVE-2022-4337)

  - A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the     datapath flow without the action modifying the IP header. This issue results (for both kernel and     userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for     this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a !=     0 IP protocol that matches this dp flow. (CVE-2023-1668)

  - A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual     machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted     packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary     IP addresses. (CVE-2023-5366)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote host is affected by the vulnerability described in GLSA-202311-16 (Open vSwitch: Multiple Vulnerabilities)

  - A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to     be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service.
    The highest threat from this vulnerability is to system availability. (CVE-2020-27827)

  - A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing     can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel     to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to     system availability. (CVE-2020-35498)

  - A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker     could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
    (CVE-2021-3905)

  - Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP     (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. (CVE-2021-36980)

  - An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
    (CVE-2022-4337)

  - An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
    (CVE-2022-4338)

  - A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the     datapath flow without the action modifying the IP header. This issue results (for both kernel and     userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for     this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a !=     0 IP protocol that matches this dp flow. (CVE-2023-1668)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2621-1 advisory.

  - A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the     datapath flow without the action modifying the IP header. This issue results (for both kernel and     userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for     this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a !=     0 IP protocol that matches this dp flow. (CVE-2023-1668)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2536-1 advisory.

  - A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the     datapath flow without the action modifying the IP header. This issue results (for both kernel and     userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for     this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a !=     0 IP protocol that matches this dp flow. (CVE-2023-1668)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3491 advisory.

  - kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564)

  - kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)

  - samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided (CVE-2022-38023)

  - kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222)

  - kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)

  - openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2296-1 advisory.

  - A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the     datapath flow without the action modifying the IP header. This issue results (for both kernel and     userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for     this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a !=     0 IP protocol that matches this dp flow. (CVE-2023-1668)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2274-1 advisory.

  - An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
    (CVE-2022-4337)

  - An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
    (CVE-2022-4338)

  - A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the     datapath flow without the action modifying the IP header. This issue results (for both kernel and     userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for     this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a !=     0 IP protocol that matches this dp flow. (CVE-2023-1668)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2275-1 advisory.

  - An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
    (CVE-2022-4337)

  - An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
    (CVE-2022-4338)

  - A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the     datapath flow without the action modifying the IP header. This issue results (for both kernel and     userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for     this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a !=     0 IP protocol that matches this dp flow. (CVE-2023-1668)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6068-1 advisory.

  - A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the     datapath flow without the action modifying the IP header. This issue results (for both kernel and     userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for     this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a !=     0 IP protocol that matches this dp flow. (CVE-2023-1668)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3410 advisory.

  - A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the     datapath flow without the action modifying the IP header. This issue results (for both kernel and     userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for     this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a !=     0 IP protocol that matches this dp flow. (CVE-2023-1668)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1824 advisory.

  - openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7da03dc2ae advisory.

  - A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the     datapath flow without the action modifying the IP header. This issue results (for both kernel and     userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for     this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a !=     0 IP protocol that matches this dp flow. (CVE-2023-1668)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1823 advisory.

  - openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5387 advisory.

  - A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the     datapath flow without the action modifying the IP header. This issue results (for both kernel and     userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for     this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a !=     0 IP protocol that matches this dp flow. (CVE-2023-1668)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1770 advisory.

  - openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1769 advisory.

  - openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1765 advisory.

  - openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1766 advisory.

  - openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
195853	RHEL 8 : openvswitch (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	critical
195831	RHEL 9 : openvswitch (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	high
195808	RHEL 7 : openvswitch (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	critical
186285	GLSA-202311-16 : Open vSwitch: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	critical
177606	SUSE SLES12 Security Update : openvswitch (SUSE-SU-2023:2621-1)	Nessus	SuSE Local Security Checks	high
177439	SUSE SLES15 / openSUSE 15 Security Update : openvswitch3 (SUSE-SU-2023:2536-1)	Nessus	SuSE Local Security Checks	high
176768	RHEL 8 : Red Hat Virtualization Host 4.4.z SP 1 (RHSA-2023:3491)	Nessus	Red Hat Local Security Checks	high
176410	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openvswitch (SUSE-SU-2023:2296-1)	Nessus	SuSE Local Security Checks	high
176271	SUSE SLES15 / openSUSE 15 Security Update : openvswitch (SUSE-SU-2023:2274-1)	Nessus	SuSE Local Security Checks	critical
176264	SUSE SLES15 Security Update : openvswitch (SUSE-SU-2023:2275-1)	Nessus	SuSE Local Security Checks	critical
175567	Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Open vSwitch vulnerability (USN-6068-1)	Nessus	Ubuntu Local Security Checks	high
174966	Debian DLA-3410-1 : openvswitch - LTS security update	Nessus	Debian Local Security Checks	high
174693	RHEL 8 : openvswitch2.15 (RHSA-2023:1824)	Nessus	Red Hat Local Security Checks	high
174659	Fedora 38 : openvswitch (2023-7da03dc2ae)	Nessus	Fedora Local Security Checks	high
174563	RHEL 8 : openvswitch2.13 (RHSA-2023:1823)	Nessus	Red Hat Local Security Checks	high
174273	Debian DSA-5387-1 : openvswitch - security update	Nessus	Debian Local Security Checks	high
174270	RHEL 9 : openvswitch3.1 (RHSA-2023:1770)	Nessus	Red Hat Local Security Checks	high
174269	RHEL 9 : openvswitch2.17 (RHSA-2023:1769)	Nessus	Red Hat Local Security Checks	high
174268	RHEL 8 : openvswitch2.17 (RHSA-2023:1765)	Nessus	Red Hat Local Security Checks	high
174267	RHEL 8 : openvswitch3.1 (RHSA-2023:1766)	Nessus	Red Hat Local Security Checks	high

Detections

Analytics

CVE-2023-1668

high

Tenable Plugins

critical

high

critical

critical

high

high

high

high

critical

critical

high

high

high

high

high

high

high

high

high

high