CVE-2023-3153
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 04/10/2023
Last modified: 07/11/2023
Description
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.
Impact
Base Score 3.x: 5.30
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:* | 22.03.3 (excluding) | |
| cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:* | 22.03.4 (including) | 22.09.2 (excluding) |
| cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:* | 22.09.3 (including) | 22.12.1 (excluding) |
| cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:* | 22.12.2 (including) | 23.03.1 (excluding) |
| cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:* | 23.03.2 (including) | 23.06.1 (excluding) |
| cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* | | |
| cpe:2.3:a:redhat:fast_datapath:-:*:*:*:*:*:*:* | | |
| cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://access.redhat.com/security/cve/CVE-2023-3153
- https://bugzilla.redhat.com/show_bug.cgi?id=2213279
- https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd
- https://github.com/ovn-org/ovn/issues/198
- https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html
- https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html



