CVE-2023-5366: Openvswitch don't match packets on nd_target field
First published: Tue Sep 21 2021(Updated: )
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openvswitch Openvswitch | <2023-02-28 | |
| Redhat Openshift Container Platform | =4.0 | |
| Redhat Virtualization | =4.0 | |
| Redhat Enterprise Linux | =7.0 | |
| Redhat Fast Datapath | ||
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux | =9.0 | |
| All of | ||
| Redhat Fast Datapath | ||
| Any of | ||
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux | =9.0 | |
| ubuntu/openvswitch | <3.2.2<3.1.4<3.0.6<2.17.9 | 3.2.2 3.1.4 3.0.6 2.17.9 |
| ubuntu/openvswitch | <3.2.2-0ubuntu0.23.10.1 | 3.2.2-0ubuntu0.23.10.1 |
| ubuntu/openvswitch | <2.13.8-0ubuntu1.4 | 2.13.8-0ubuntu1.4 |
| ubuntu/openvswitch | <2.17.9-0ubuntu0.22.04.1 | 2.17.9-0ubuntu0.22.04.1 |
| debian/openvswitch | <=2.10.7+ds1-0+deb10u1<=2.15.0+ds1-2+deb11u4<=3.1.0-2 | 2.10.7+ds1-0+deb10u5 2.15.0+ds1-2+deb11u5 3.1.0-2+deb12u1 3.3.0~git20240118.e802fe7-3 3.3.0-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2023-5366
- https://bugzilla.redhat.com/show_bug.cgi?id=2006347
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2005408
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2240831
- https://github.com/openvswitch/ovs/commit/489553b1c21692063931a9f50b6849b23128443c
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2240833
- https://github.com/openvswitch/ovs/commit/61a1f14b26be12b5643f00e1fa24f08f5ff418ee
- https://github.com/openvswitch/ovs/commit/694c7b4e097c4d89e23ea9b3c7b677b4fcbe0459
- https://security-tracker.debian.org/tracker/CVE-2023-5366
- http://www.openwall.com/lists/oss-security/2024/02/08/4
- https://lists.debian.org/debian-lts-announce/2024/02/msg00004.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/
- https://launchpad.net/bugs/cve/CVE-2023-5366
- https://ubuntu.com/security/notices/USN-6514-1
- https://mail.openvswitch.org/pipermail/ovs-announce/2024-February/000342.html
- https://ubuntu.com/security/notices/USN-6690-1
- https://www.cve.org/CVERecord?id=CVE-2023-5366
- https://nvd.nist.gov/vuln/detail/CVE-2023-5366
- https://github.com/openvswitch/ovs/commit/61003d0280625e15796f18d14ce1b5f46e560f3e
- https://github.com/openvswitch/ovs/commit/7570744c5add3a91b468c4ffa5bc73ef1f5bb18a
- https://github.com/openvswitch/ovs/commit/d3f9eab1abbb6a11c2a166472c184f54fd740bf1
- https://github.com/openvswitch/ovs/commit/a6c0a3deb268f34faef0062e2c05ece563d50ecb
- https://github.com/openvswitch/ovs/commit/e235a421fbdb0c70176e8a3bef13bf7e2056cbc1
- https://github.com/openvswitch/ovs/commit/132fa24b656e1bc45b6ce8ee9ab0206fa6930f65
- https://ubuntu.com/security/CVE-2023-5366
Frequently Asked Questions
What is the vulnerability ID for this flaw?
The vulnerability ID for this flaw is CVE-2023-5366.
What is the severity of CVE-2023-5366?
The severity of CVE-2023-5366 is high.
Which software is affected by CVE-2023-5366?
Openvswitch, Redhat Openshift Container Platform, Redhat Virtualization, and Redhat Enterprise Linux versions 7.0, 8.0, and 9.0 are affected by CVE-2023-5366.
How can a local attacker exploit CVE-2023-5366?
A local attacker can exploit CVE-2023-5366 by creating specially crafted packets with a modified or spoofed target IP address field to bypass OpenFlow rules.
Are Redhat Enterprise Linux versions 7.0, 8.0, and 9.0 vulnerable to CVE-2023-5366?
No, Redhat Enterprise Linux versions 7.0, 8.0, and 9.0 are not vulnerable to CVE-2023-5366.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/author
- agent/description
- agent/weakness
- collector/oss-sec
- source/oss-sec
- alias/CVE-2023-5366
- agent/severity
- agent/title
- agent/remedy
- collector/redhat-bugzilla
- source/Red Hat
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/last-modified-date
- collector/launchpad-cve
- source/Launchpad
- agent/event
- collector/nvd-api
- collector/usn-cve
- source/Ubuntu
- vendor/openvswitch
- canonical/openvswitch openvswitch
- vendor/redhat
- canonical/redhat openshift container platform
- version/redhat openshift container platform/4.0
- canonical/redhat virtualization
- version/redhat virtualization/4.0
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- canonical/redhat fast datapath
- version/redhat enterprise linux/8.0
- version/redhat enterprise linux/9.0
- package-manager/debian
- package-manager/ubuntu