CVE-2024-2182

EPSS 0.39%
Published 12.03.2024 17:15:59
Last modified 21.11.2024 09:09:12
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.

Affected products Warnungen 0 Metrics 2 CWE 1 References 21

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://www.github.com/ovn-org/ovn/

≫

Package ovn

Default Statusunaffected

Version < *

Version 20.03.0

Status affected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:23.06.1-112.el8fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:22.12.1-94.el8fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:22.03.3-71.el8fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:23.03.1-100.el8fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 8

Default Statusaffected

Version < *

Version 0:21.12.0-142.el8fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:23.09.0-136.el9fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:23.06.1-112.el9fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:22.12.1-94.el9fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:22.03.3-71.el9fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for Red Hat Enterprise Linux 9

Default Statusaffected

Version < *

Version 0:23.03.1-100.el9fdp

Status unaffected

VendorRed Hat

≫

Product Fast Datapath for RHEL 7

Default Statusunknown

VendorRed Hat

≫

Product Fast Datapath for RHEL 7

Default Statusunknown

VendorRed Hat

≫

Product Fast Datapath for RHEL 7

Default Statusunknown

VendorRed Hat

≫

Product Fast Datapath for RHEL 8

Default Statusunknown

VendorRed Hat

≫

Product Fast Datapath for RHEL 8

Default Statusunknown

VendorRed Hat

≫

Product Fast Datapath for RHEL 8

Default Statusunknown

VendorRed Hat

≫

Product Fast Datapath for RHEL 8

Default Statusunknown

VendorRed Hat

≫

Product Fast Datapath for RHEL 8

Default Statusunknown

VendorRed Hat

≫

Product Fast Datapath for RHEL 9

Default Statusaffected

VendorRed Hat

≫

Product Fast Datapath for RHEL 9

Default Statusunknown

VendorRed Hat

≫

Product Fast Datapath for RHEL 9

Default Statusunknown

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.39%	0.591

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secalert@redhat.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

https://access.redhat.com/errata/RHSA-2024:1385

https://access.redhat.com/errata/RHSA-2024:1386

https://access.redhat.com/errata/RHSA-2024:1387

https://access.redhat.com/errata/RHSA-2024:1388

https://access.redhat.com/errata/RHSA-2024:1390

https://access.redhat.com/errata/RHSA-2024:1391

https://access.redhat.com/errata/RHSA-2024:1392

https://access.redhat.com/errata/RHSA-2024:1393

https://access.redhat.com/errata/RHSA-2024:1394

https://access.redhat.com/errata/RHSA-2024:4035

https://access.redhat.com/security/cve/CVE-2024-2182

https://bugzilla.redhat.com/show_bug.cgi?id=2267840

https://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html

https://www.openwall.com/lists/oss-security/2024/03/12/5

http://www.openwall.com/lists/oss-security/2024/03/12/5

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APR4GCVCMQD3DQUKXDNGIXCCYGE5V7IT/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CB4N522FCS4XWAPUKRWZF6QZ657FCIDF/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRKXOOOKD56TY3JQVB45N3GCTX3EG4BV/

https://nvd.nist.gov/vuln/detail/CVE-2024-2182

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-2182

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-2182

EUVD