CVE-2023-3153 Service monitor mac flow is not rate limited

🗓️ 04 Oct 2023 11:13:40Reported by redhatType

Flaw in Open Virtual Network service monitor MAC flow not rate limited, allowing DoS

Reporter	Title	Published	Views	Family All 46
ATTACKERKB	CVE-2023-3153	4 Oct 202312:15	–	attackerkb
AstraLinux	Astra Linux - уязвимость в ovn	20 May 202605:53	–	astralinux
BDU FSTEC	The vulnerability of the MAC Service Monitor component of the Open vSwitch software multi-level switch allows a attacker to trigger a service failure.	9 Apr 202500:00	–	bdu_fstec
Circl	CVE-2023-3153	4 Oct 202316:11	–	circl
CNNVD	Open Virtual Network 安全漏洞	7 Jun 202300:00	–	cnnvd
CVE	CVE-2023-3153	4 Oct 202311:13	–	cve
Debian CVE	CVE-2023-3153	4 Oct 202311:13	–	debiancve
EUVD	EUVD-2023-43837	3 Oct 202520:07	–	euvd
NVD	CVE-2023-3153	4 Oct 202312:15	–	nvd
OpenVAS	openSUSE: Security Advisory for openvswitch3 (SUSE-SU-2023:3710-1)	4 Mar 202400:00	–	openvas

[
  {
    "product": "ovn",
    "vendor": "n/a",
    "versions": [
      {
        "version": "22.12.1",
        "status": "unaffected"
      },
      {
        "version": "22.03.3",
        "status": "unaffected"
      },
      {
        "version": "23.06.1",
        "status": "unaffected"
      },
      {
        "version": "23.03.1",
        "status": "unaffected"
      },
      {
        "version": "22.09.2",
        "status": "unaffected"
      }
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Fast Datapath for RHEL 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn2.11",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Fast Datapath for RHEL 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn2.12",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Fast Datapath for RHEL 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn2.13",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Fast Datapath for RHEL 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn-2021",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Fast Datapath for RHEL 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn2.11",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Fast Datapath for RHEL 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn2.12",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Fast Datapath for RHEL 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn2.13",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Fast Datapath for RHEL 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn22.03",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Fast Datapath for RHEL 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn22.06",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Fast Datapath for RHEL 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn22.09",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Fast Datapath for RHEL 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn22.12",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Fast Datapath for RHEL 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn-2021",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Fast Datapath for RHEL 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn22.03",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Fast Datapath for RHEL 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn22.06",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Fast Datapath for RHEL 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn22.09",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Fast Datapath for RHEL 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn22.12",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9::fastdatapath"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn-2021",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn21.09",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn21.12",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn22.03",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn22.06",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn22.09",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn22.12",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn23.03",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenStack Platform 13 (Queens)",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "ovn2.11",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/a:redhat:openstack:13"
    ]
  },
  {
    "product": "Fedora",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "ovn",
    "defaultStatus": "affected"
  }
]

Source	Link
access	www.access.redhat.com/security/cve/CVE-2023-3153
mail	www.mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html
mail	www.mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html
github	www.github.com/ovn-org/ovn/issues/198
github	www.github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

04 Oct 2023 11:13Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.15.3

EPSS0.00069

CWE-400