PT-2023-1102 · Unknown+6 · Openvswitch+6

Qian Chen

Publicado

2022-12-31

Atualizado

2024-06-15

CVE-2022-4338

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Open vSwitch versions prior to the fixed version

Description The issue is related to an integer underflow in Organization Specific TLV, which can be exploited by sending specially crafted LLDP messages to the vulnerable system, allowing a remote attacker to execute arbitrary code.

Recommendations For versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to the Organization Specific TLV to minimize the risk of exploitation.

Correção

Integer Underflow

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-191CWE-125

Identificadores relacionados

ALT-PU-2023-1745

ALT-PU-2023-1806

AZL-12953

BDU:2023-00291

CVE-2022-4338

DLA-3253-1

DSA-5319-1

OESA-2023-1025

OESA-2023-1042

OESA-2023-1043

OPENSUSE-SU-2023_2250-2

OPENSUSE-SU-2024:12860-1

RHSA-2023:0685

RHSA-2023:0687

RHSA-2023:0688

RHSA-2023:0689

RHSA-2023:0691

ROSA-SA-2023-2262

SUSE-SU-2023:2250-1

SUSE-SU-2023:2250-2

SUSE-SU-2023:2251-1

SUSE-SU-2023:2255-1

SUSE-SU-2023:2259-1

SUSE-SU-2023:2274-1

SUSE-SU-2023:2275-1

SUSE-SU-2023:2360-1

USN-5890-1

Produtos afetados

Alt Linux

Astra Linux

Linuxmint

Openvswitch

Red Os

Suse

Ubuntu

PT-2023-1102 · Unknown+6 · Openvswitch+6

CVE-2022-4338

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 63