Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.GENTOO_GLSA-202311-16.NASL
HistoryNov 26, 2023 - 12:00 a.m.

GLSA-202311-16 : Open vSwitch: Multiple Vulnerabilities

2023-11-2600:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
open vswitch
vulnerabilities
system availability
crafted packets
memory leaks
use-after-free
denial of service
nessus scanner

7 High

AI Score

Confidence

High

JSON

The remote host is affected by the vulnerability described in GLSA-202311-16 (Open vSwitch: Multiple Vulnerabilities)

  • A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service.
    The highest threat from this vulnerability is to system availability. (CVE-2020-27827)

  • A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-35498)

  • A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
    (CVE-2021-3905)

  • Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. (CVE-2021-36980)

  • An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
    (CVE-2022-4337)

  • An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
    (CVE-2022-4338)

  • A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow. (CVE-2023-1668)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# @NOAGENT@
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 202311-16.
#
# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('compat.inc');

if (description)
{
  script_id(186285);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/26");

  script_cve_id(
    "CVE-2020-27827",
    "CVE-2020-35498",
    "CVE-2021-3905",
    "CVE-2021-36980",
    "CVE-2022-4337",
    "CVE-2022-4338",
    "CVE-2023-1668"
  );

  script_name(english:"GLSA-202311-16 : Open vSwitch: Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"");
  script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-202311-16 (Open vSwitch: Multiple Vulnerabilities)

  - A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to
    be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service.
    The highest threat from this vulnerability is to system availability. (CVE-2020-27827)

  - A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing
    can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel
    to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to
    system availability. (CVE-2020-35498)

  - A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker
    could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
    (CVE-2021-3905)

  - Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP
    (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. (CVE-2021-36980)

  - An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
    (CVE-2022-4337)

  - An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
    (CVE-2022-4338)

  - A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the
    datapath flow without the action modifying the IP header. This issue results (for both kernel and
    userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for
    this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a !=
    0 IP protocol that matches this dp flow. (CVE-2023-1668)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/202311-16");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=765346");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=769995");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=803107");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=887561");
  script_set_attribute(attribute:"solution", value:
"All Open vSwitch users should upgrade to the latest version:

          # emerge --sync
          # emerge --ask --oneshot --verbose >=net-misc/openvswitch-2.17.6");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-35498");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-4338");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/02/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/11/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openvswitch");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Gentoo Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}
include('qpkg.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/Gentoo/release')) audit(AUDIT_OS_NOT, 'Gentoo');
if (!get_kb_item('Host/Gentoo/qpkg-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var flag = 0;

var packages = [
  {
    'name' : 'net-misc/openvswitch',
    'unaffected' : make_list("ge 2.17.6"),
    'vulnerable' : make_list("lt 2.17.6")
  }
];

foreach var package( packages ) {
  if (isnull(package['unaffected'])) package['unaffected'] = make_list();
  if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();
  if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;
}


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : qpkg_report_get()
  );
  exit(0);
}
else
{
  qpkg_tests = list_uniq(qpkg_tests);
  var tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Open vSwitch');
}
VendorProductVersionCPE
gentoolinuxopenvswitchp-cpe:/a:gentoo:linux:openvswitch
gentoolinuxcpe:/o:gentoo:linux

Related

gentoo 1
nessus 63
openvas 39
redhat 17
rosalinux 1
redos 2
ubuntu 3
osv 11
debian 6
ubuntucve 5
fedora 3
photon 6
cbl_mariner 8
redhatcve 4
alpinelinux 4
suse 5
archlinux 2
debiancve 3
cve 3
veracode 5
altlinux 1
citrix 1
prion 5
githubexploit 1
gentoo
gentoo
Open vSwitch: Multiple Vulnerabilities
2023-11-26 00:00:00
nessus
nessus
SUSE SLES15 Security Update : openvswitch (SUSE-SU-2023:2275-1)
2023-05-24 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : openvswitch (SUSE-SU-2023:2274-1)
2023-05-24 00:00:00
RHEL 7 : openvswitch2.11 (RHSA-2021:1050)
2021-03-31 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:2274-1)
2023-05-24 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:2275-1)
2023-05-24 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:2360-1)
2023-06-05 00:00:00
redhat
redhat
(RHSA-2021:1050) Moderate: openvswitch2.11 security update
2021-03-31 12:24:44
(RHSA-2021:0835) Moderate: openvswitch2.13 security update
2021-03-15 14:20:52
(RHSA-2021:0497) Moderate: openvswitch2.13 security and bug fix update
2021-02-11 14:29:28
rosalinux
rosalinux
Advisory ROSA-SA-2023-2262
2023-10-22 05:27:25
redos
redos
ROS-20230117-02
2023-01-17 00:00:00
ROS-2-644
2021-09-08 00:00:00
ubuntu
ubuntu
Open vSwitch vulnerabilities
2023-02-27 00:00:00
Open vSwitch vulnerability
2021-09-08 00:00:00
Open vSwitch vulnerability
2021-02-10 00:00:00
osv
osv
openvswitch vulnerabilities
2023-02-27 12:24:28
openvswitch - security update
2023-01-13 00:00:00
openvswitch - security update
2022-12-31 00:00:00
debian
debian
[SECURITY] [DSA 5319-1] openvswitch security update
2023-01-13 19:23:15
[SECURITY] [DLA 3253-1] openvswitch security update
2022-12-31 14:57:34
[SECURITY] [DSA 4852-1] openvswitch security update
2021-02-15 12:24:20
ubuntucve
ubuntucve
CVE-2022-4338
2023-01-10 00:00:00
CVE-2020-35498
2021-02-10 00:00:00
CVE-2021-36980
2021-07-20 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: dpdk-20.11-1.fc33
2021-03-04 20:10:59
[SECURITY] Fedora 33 Update: openvswitch-2.15.0-1.fc33
2021-03-04 20:11:00
[SECURITY] Fedora 38 Update: openvswitch-3.1.1-1.fc38
2023-04-22 22:23:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-0316
2023-01-18 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0316
2023-01-18 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0519
2023-01-23 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-36980 affecting package openvswitch 2.12.3-2
2021-09-09 15:02:58
CVE-2020-35498 affecting package openvswitch 2.12.0-3
2021-04-06 23:50:11
CVE-2021-36980 affecting package openvswitch for versions less than 2.17.0-1
2022-04-14 19:39:46
redhatcve
redhatcve
CVE-2021-36980
2021-07-21 14:37:22
CVE-2020-35498
2021-02-10 21:38:37
CVE-2020-27827
2021-01-28 02:24:31
alpinelinux
alpinelinux
CVE-2021-36980
2021-07-20 07:15:00
CVE-2020-35498
2021-02-11 18:15:00
CVE-2020-27827
2021-03-18 17:15:00
suse
suse
Security update for openvswitch (moderate)
2022-09-06 00:00:00
Security update for openvswitch (moderate)
2022-09-06 00:00:00
Security update for openvswitch (moderate)
2022-09-06 00:00:00
archlinux
archlinux
[ASA-202107-40] openvswitch: arbitrary code execution
2021-07-20 00:00:00
[ASA-202101-29] lldpd: information disclosure
2021-01-20 00:00:00
debiancve
debiancve
CVE-2021-36980
2021-07-20 07:15:00
CVE-2020-27827
2021-03-18 17:15:00
CVE-2020-35498
2021-02-11 18:15:00
cve
cve
CVE-2021-36980
2021-07-20 07:15:00
CVE-2020-27827
2021-03-18 17:15:00
CVE-2020-35498
2021-02-11 18:15:00
veracode
veracode
Denial Of Service (DoS)
2021-02-12 06:36:48
Denial Of Service (DoS)
2021-01-14 16:37:28
Integer Underflow
2023-01-26 08:28:52
altlinux
altlinux
Security fix for the ALT Linux 9 package openvswitch version 2.14.2-alt0.p9
2021-06-07 00:00:00
citrix
citrix
Citrix Hypervisor Security Bulletin for CVE-2020-35498
2022-09-13 12:48:15
prion
prion
Denial of service
2021-02-11 18:15:00
Design/Logic Flaw
2021-07-20 07:15:00
Denial of service
2021-03-18 17:15:00
githubexploit
githubexploit
Exploit for Uncontrolled Resource Consumption in Openvswitch
2021-02-12 02:08:01

7 High

AI Score

Confidence

High

JSON
Related for GENTOO_GLSA-202311-16.NASL
gentoo1nessus63openvas39redhat17rosalinux1redos2ubuntu3osv11debian6ubuntucve5fedora3photon6cbl_mariner8redhatcve4alpinelinux4suse5archlinux2debiancve3cve3veracode5altlinux1citrix1prion5githubexploit1