CVE-2023-5366

2023-10-0618:15:12

Debian Security Bug Tracker

security-tracker.debian.org

cve-2023-5366

open vswitch

icmpv6 neighbor advertisement

openflow rules

local attacker

crafted packets

spoofed target ip

icmpv6 traffic

arbitrary ip addresses

unix

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

EPSS

Percentile

5.1%

JSON

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.

OSVersionArchitecturePackageVersionFilename
Debian12allopenvswitch< 3.1.0-2+deb12u1openvswitch_3.1.0-2+deb12u1_all.deb
Debian11allopenvswitch< 2.15.0+ds1-2+deb11u5openvswitch_2.15.0+ds1-2+deb11u5_all.deb
Debian999allopenvswitch< 3.1.2-1openvswitch_3.1.2-1_all.deb
Debian13allopenvswitch< 3.1.2-1openvswitch_3.1.2-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	openvswitch	< 3.1.0-2+deb12u1	openvswitch_3.1.0-2+deb12u1_all.deb
Debian	11	all	openvswitch	< 2.15.0+ds1-2+deb11u5	openvswitch_2.15.0+ds1-2+deb11u5_all.deb
Debian	999	all	openvswitch	< 3.1.2-1	openvswitch_3.1.2-1_all.deb
Debian	13	all	openvswitch	< 3.1.2-1	openvswitch_3.1.2-1_all.deb