{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-1668", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-02T05:57:24.726Z", "dateReserved": "2023-03-27T00:00:00", "datePublished": "2023-04-10T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-11-26T11:06:12.014505"}, "descriptions": [{"lang": "en", "value": "A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow."}], "affected": [{"vendor": "n/a", "product": "openvswitch", "versions": [{"version": "unknown", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137666"}, {"url": "https://www.openwall.com/lists/oss-security/2023/04/06/1"}, {"name": "DSA-5387", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2023/dsa-5387"}, {"name": "FEDORA-2023-7da03dc2ae", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2GUNS3WSJG4TUDKZ5L7FXGJMVOD6EJZ/"}, {"name": "[debian-lts-announce] 20230501 [SECURITY] [DLA 3410-1] openvswitch security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00000.html"}, {"name": "GLSA-202311-16", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202311-16"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-670", "cweId": "CWE-670"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:57:24.726Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137666", "tags": ["x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2023/04/06/1", "tags": ["x_transferred"]}, {"name": "DSA-5387", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2023/dsa-5387"}, {"name": "FEDORA-2023-7da03dc2ae", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2GUNS3WSJG4TUDKZ5L7FXGJMVOD6EJZ/"}, {"name": "[debian-lts-announce] 20230501 [SECURITY] [DLA 3410-1] openvswitch security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00000.html"}, {"name": "GLSA-202311-16", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202311-16"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "48C1C5E9-E256-43FD-9797-12F07441AAB1", "versionEndExcluding": "2.13.11", "versionStartIncluding": "1.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "A83DDD27-28AF-4ADA-9B8F-6573F29E9E22", "versionEndExcluding": "2.14.9", "versionStartIncluding": "2.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB75186B-4FB7-473D-B249-5A023DA1FDA4", "versionEndExcluding": "2.15.8", "versionStartIncluding": "2.15.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD2D922F-E28D-4777-B0A9-814996568D1F", "versionEndExcluding": "2.16.7", "versionStartIncluding": "2.16.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "B88C4B2D-F726-46E4-8021-42C5770CF91B", "versionEndExcluding": "2.17.6", "versionStartIncluding": "2.17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "92486D94-C16D-4422-986D-CC4BCC01F98A", "versionEndExcluding": "3.0.4", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudbase:open_vswitch:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C1AC9C8-68B9-413F-866F-46B279906B08", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*", "matchCriteriaId": "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*", "matchCriteriaId": "4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack_platform:17.0:*:*:*:*:*:*:*", "matchCriteriaId": "F7076B1E-0529-43CC-828B-45C2ED11F9F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*", "matchCriteriaId": "053C1B35-3869-41C2-9551-044182DE0A64", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:fast_datapath:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A63D05D-BFAF-484B-BA49-5F5E399CDA02", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow."}], "id": "CVE-2023-1668", "lastModified": "2023-11-26T11:15:08.477", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-10T22:15:09.133", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137666"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00000.html"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2GUNS3WSJG4TUDKZ5L7FXGJMVOD6EJZ/"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202311-16"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5387"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Mitigation", "Patch"], "url": "https://www.openwall.com/lists/oss-security/2023/04/06/1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-670"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-670"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by David Marchand (Red Hat).", "affected_release": [{"advisory": "RHSA-2023:1765", "cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "package": "openvswitch2.17-0:2.17.0-88.el8fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 8", "release_date": "2023-04-13T00:00:00Z"}, {"advisory": "RHSA-2023:1766", "cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "package": "openvswitch3.1-0:3.1.0-17.el8fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 8", "release_date": "2023-04-13T00:00:00Z"}, {"advisory": "RHSA-2023:1823", "cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "package": "openvswitch2.13-0:2.13.0-214.el8fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 8", "release_date": "2023-04-18T00:00:00Z"}, {"advisory": "RHSA-2023:1824", "cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "package": "openvswitch2.15-0:2.15.0-136.el8fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 8", "release_date": "2023-04-18T00:00:00Z"}, {"advisory": "RHSA-2023:1769", "cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package": "openvswitch2.17-0:2.17.0-77.el9fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 9", "release_date": "2023-04-13T00:00:00Z"}, {"advisory": "RHSA-2023:1770", "cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "package": "openvswitch3.1-0:3.1.0-14.el9fdp", "product_name": "Fast Datapath for Red Hat Enterprise Linux 9", "release_date": "2023-04-13T00:00:00Z"}, {"advisory": "RHSA-2023:3491", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "redhat-virtualization-host-0:4.5.3-202306050942_8.6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2023-06-06T00:00:00Z"}], "bugzilla": {"description": "openvswitch: ip proto 0 triggers incorrect handling", "id": "2137666", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137666"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "status": "verified"}, "cwe": "CWE-670", "details": ["A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.", "A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow."], "mitigation": {"lang": "en:us", "value": "For any version of Open vSwitch, preventing packets with network\nprotocol number '0' from reaching Open vSwitch will prevent the issue.\nThis is difficult to achieve because Open vSwitch obtains packets before\nthe iptables or nftables host firewall, so iptables or nftables on the\nOpen vSwitch host cannot ordinarily block the vulnerability.\nAnother method would be to add a high priority flow to the flow table\nexplicitly matching on nw protocol '0' and handling that traffic\nseparately:\ntable=0 priority=32768,ip,ip_proto=0 actions=drop\nThis would need to be similarly done for IPv6 traffic as well."}, "name": "CVE-2023-1668", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Out of support scope", "package_name": "openvswitch", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Out of support scope", "package_name": "openvswitch2.10", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Out of support scope", "package_name": "openvswitch2.11", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Out of support scope", "package_name": "openvswitch2.12", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7::fastdatapath", "fix_state": "Out of support scope", "package_name": "openvswitch2.13", "product_name": "Fast Datapath for RHEL 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "fix_state": "Out of support scope", "package_name": "openvswitch2.11", "product_name": "Fast Datapath for RHEL 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "fix_state": "Out of support scope", "package_name": "openvswitch2.12", "product_name": "Fast Datapath for RHEL 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8::fastdatapath", "fix_state": "Out of support scope", "package_name": "openvswitch2.16", "product_name": "Fast Datapath for RHEL 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9::fastdatapath", "fix_state": "Out of support scope", "package_name": "openvswitch3.0", "product_name": "Fast Datapath for RHEL 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "openvswitch", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "openvswitch-ovn-kubernetes", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Out of support scope", "package_name": "openvswitch2.15", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openvswitch2.16", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openvswitch2.17", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openvswitch3.1", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "openvswitch", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "openvswitch2.11", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "rhosp13/openstack-neutron-openvswitch-agent", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "rhosp13/openstack-openvswitch-base", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "rhosp-openvswitch", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "ovirt-openvswitch", "product_name": "Red Hat Virtualization 4"}], "public_date": "2023-04-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-1668\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-1668\nhttps://www.openwall.com/lists/oss-security/2023/04/06/1"], "statement": "In OpenShift Container Platform (OCP) the openvswitch rpm package is consumed from the RHEL Fast Datapath repositories, hence OCP openvswitch components are marked as \"Will not fix\".", "threat_severity": "Moderate", "upstream_fix": "ovs 3.1.1, ovs 3.0.4, ovs 2.17.6, ovs 2.16.7, ovs 2.15.8, ovs 2.14.9, ovs 2.13.11"}