CVE-2022-32166
OVSD versions before 2.5.0 are vulnerable to a heap buffer over-read in flow.c. An unsafe comparison in the 'minimasks' function could lead to access to unmapped memory.
To reduce the risk of exploitation, avoid using the “minimasks” function in “flow_parser”. In order to prevent the crash, update to version v2.6 or later. You can also protect yourself by disabling the ID mapping globally (OVS_DISABLE_ID_MAP).
CVE-2018-17984 - Unquoted Search Paths
Open vSwitch has a security issue in its handling of unquoted search paths. Open vSwitch allows unquoted paths for importing modules. If the path is a symbolic link, it will be followed, even if it is not necessary. An attacker could exploit this to inject a malicious library into the search path, leading to privilege escalation, information disclosure, or other attacks.
CVE-2018-17983 - Heap Buffer Overflow
Open vSwitch has a security issue in its handling of IP fragments. Open vSwitch allows IP fragments in a packet to be examined by an application, even when the destination is not set. An attacker who crafts a packet with an IP fragment that could overflow the heap buffer could cause a denial of service or privilege escalation.
CVE-2018-17983 and CVE-2022-32166 are two security issues in Open vSwitch that may cause crashes or privilege escalation. You can prevent these issues by updating to version v2.6 or later and disabling ID mapping globally (OVS_DISABLE_ID_MAP).
CVE-2018-17985 - Remote Code Execution
Open vSwitch has a security issue in its handling of remote IDs. Open vSwitch allows remote IDs for exporting modules. If the remote ID is a symbolic link, it will be followed, even if it is not necessary. An attacker could exploit this to inject a malicious library into the export path, leading to privilege escalation, information disclosure, or other attacks.
To reduce the risk of exploitation, avoid using the “minimasks” function in “flow_parser” and update to version v2.6 or later. You can also protect yourself by disabling the ID mapping globally (OVS_DISABLE_ID_MAP).
Timeline
Published on: 09/28/2022 10:15:00 UTC
Last modified on: 09/28/2022 12:59:00 UTC