First published: Tue Jan 10 2023
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Openvswitch | <2.13.10 | |
Openvswitch | >=2.14.0, <2.14.8 | |
Openvswitch | >=2.15.0, <2.15.7 | |
Openvswitch | >=2.16.0, <2.16.6 | |
Openvswitch | >=2.17.0, <2.17.5 | |
Openvswitch | >=3.0.0, <3.0.3 | |
Debian Linux | =11.0 | |
debian/openvswitch | <=2.10.7+ds1-0+deb10u1 | 2.10.7+ds1-0+deb10u4, 2.15.0+ds1-2+deb11u4, 3.1.0-2, 3.2.2~git20231029-2 |
CVE-2022-4338 is an integer underflow vulnerability in Organization Specific TLV in various versions of OpenvSwitch.
The OpenvSwitch versions affected by CVE-2022-4338 are those before 2.13.10, 2.14.0 up to but excluding 2.14.8, 2.15.0 up to but excluding 2.15.7, 2.16.0 up to but excluding 2.16.6, 2.17.0 up to but excluding 2.17.5, and 3.0.0 up to but excluding 3.0.3.
CVE-2022-4338 has a severity score of 9.8, which is considered critical.
To fix CVE-2022-4338 on Debian, update the openvswitch package to version 2.10.7+ds1-0+deb10u4, 2.15.0+ds1-2+deb11u4, 3.1.0-2, or 3.2.0-2, depending on the release you run.
You can find more information about CVE-2022-4338 in the following references: [GitHub Pull Request](https://github.com/openvswitch/ovs/pull/405), [OpenvSwitch Mailing List](https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html), [Debian Security Advisory](https://www.debian.org/security/2023/dsa-5319).