CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 75.9%
Software: openvswitch 2.16.1
OS: ROSA-CHROME
package_evr_string: openvswitch-2.16.1-3.src.rpm
CVE-ID: CVE-2019-25076
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: The TSS (Tuple Space Search) algorithm in Open vSwitch versions 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delaying legitimate traffic) using crafted packet data that requires excessive evaluation time in the packet classification algorithm for the MegaFlow cache, also known as the Tuple Space Explosion (TSE) attack.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update openvswitch
CVE-ID: CVE-2021-3905
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A memory leak was found in Open vSwitch (OVS) during user-space IP fragmentation processing. An attacker could exploit this vulnerability to potentially exhaust available memory by continuing to send packet fragments.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update openvswitch
CVE-ID: CVE-2022-4337
BDU-ID: 2023-00290
CVE-Crit: CRITICAL
CVE-DESC.: A vulnerability in the Open vSwitch multilayer software switch is caused by an integer underflow (loss of significance) when parsing Auto Attach TLVs. Exploitation of the vulnerability could allow a remote attacker to send specially crafted LLDP messages to a vulnerable system, trigger the integer underflow, and execute arbitrary code on the target system.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update openvswitch
CVE-ID: CVE-2022-4338
BDU-ID: 2023-00291
CVE-Crit: CRITICAL
CVE-DESC.: A vulnerability in the Open vSwitch multilayer software switch is caused by an integer underflow (loss of significance) in Auto Attach TLV parsing. Exploitation of the vulnerability could allow a remote attacker to send specially crafted LLDP messages to a vulnerable system, trigger the integer underflow, and execute arbitrary code on the target system.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update openvswitch
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ROSA | any | noarch | openvswitch | < 2.16.1 | UNKNOWN |