PT-2023-1102 · Unknown+6 · Openvswitch+6

Qian Chen · Published 2022-12-31 · Updated 2024-06-15 · CVE-2022-4338

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Open vSwitch versions prior to the fixed version

Description

The issue is related to an integer underflow in Organization Specific TLV, which can be exploited by sending specially crafted LLDP messages to the vulnerable system, allowing a remote attacker to execute arbitrary code.

Recommendations

For versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to the Organization Specific TLV to minimize the risk of exploitation.

Fix

Integer Underflow

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2023-1745
ALT-PU-2023-1806
AZL-12953
BDU:2023-00291
CVE-2022-4338
DLA-3253-1
DSA-5319-1
OESA-2023-1025
OESA-2023-1042
OESA-2023-1043
OPENSUSE-SU-2023_2250-2
OPENSUSE-SU-2024:12860-1
RHSA-2023:0685
RHSA-2023:0687
RHSA-2023:0688
RHSA-2023:0689
RHSA-2023:0691
ROSA-SA-2023-2262
SUSE-SU-2023:2250-1
SUSE-SU-2023:2250-2
SUSE-SU-2023:2251-1
SUSE-SU-2023:2255-1
SUSE-SU-2023:2259-1
SUSE-SU-2023:2274-1
SUSE-SU-2023:2275-1
SUSE-SU-2023:2360-1
USN-5890-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Openvswitch
Red Os
Suse
Ubuntu