CVE-2023-5366

CVE-2023-5366

Name

CVE-2023-5366

Description

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://access.redhat.com/security/cve/CVE-2023-5366
MISC	https://bugzilla.redhat.com/show_bug.cgi?id=2006347

Type

URI

MISC

https://access.redhat.com/security/cve/CVE-2023-5366

MISC

https://bugzilla.redhat.com/show_bug.cgi?id=2006347

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:openvswitch:openvswitch::::::::`	openvswitch	>= None	< 2023-02-28

CPE URI

Source package

Min version

Max version

cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*

openvswitch

>= None

< 2023-02-28

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
openvswitch	edge-community	2.17.8-r1	Stuart Cardall <developer@it-offshore.co.uk>	possibly vulnerable
openvswitch	3.18-community	2.17.8-r0	Stuart Cardall <developer@it-offshore.co.uk>	possibly vulnerable
openvswitch	3.19-community	2.17.8-r1	Stuart Cardall <developer@it-offshore.co.uk>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

openvswitch

edge-community

2.17.8-r1

Stuart Cardall <developer@it-offshore.co.uk>

possibly vulnerable

openvswitch

3.18-community