← Back

CVE-2022-4338

nvd nist
Published: Jan 10, 2023Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.

Affected (7)

Openvswitch
1 product
Openvswitch
Debian
1 product
Debian Linux
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Openvswitch
Openvswitch
Before 2.13.10
Openvswitch
From 2.14.0 to 2.14.8
Openvswitch
From 2.15.0 to 2.15.7
Openvswitch
From 2.16.0 to 2.16.6
Openvswitch
From 2.17.0 to 2.17.5
Openvswitch
From 3.0.0 to 3.0.3
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 11.0

Related CWEs

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-191
Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References (10)

Source: secalert@redhat.com
PatchThird Party Advisory
Source: secalert@redhat.com
Mailing ListPatchVendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory

Timeline

No history available yet.