CVE-2023-3153 - OpenCVE

A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Fast Datapath Openshift Container Platform Enterprise Linux
Ovn	Open Virtual Network

Configuration 1 [-]

OR	cpe:2.3:a:ovn:open_virtual_network::::::::
	cpe:2.3:a:ovn:open_virtual_network::::::::
	cpe:2.3:a:ovn:open_virtual_network::::::::
	cpe:2.3:a:ovn:open_virtual_network::::::::
	cpe:2.3:a:ovn:open_virtual_network::::::::

Configuration 2 [-]

cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:a:redhat:fast_datapath:-:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2023-3153	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2213279	Issue Tracking
https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd	Patch
https://github.com/ovn-org/ovn/issues/198	Issue Tracking
https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html	Mitigation Patch
https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html	Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2023-10-04T11:13:40.083Z

Updated: 2023-10-04T11:13:40.083Z

Reserved: 2023-06-07T18:04:42.140Z

Link: CVE-2023-3153

JSON object: View

NVD Information

Status : Modified

Published: 2023-10-04T12:15:10.503

Modified: 2023-11-07T04:18:03.807

Link: CVE-2023-3153

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-3153", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-06-07T18:04:42.140Z", "datePublished": "2023-10-04T11:13:40.083Z", "dateUpdated": "2023-10-04T11:13:40.083Z"}, "containers": {"cna": {"title": "Service monitor mac flow is not rate limited", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured."}], "affected": [{"product": "ovn", "vendor": "n/a", "versions": [{"version": "22.12.1", "status": "unaffected"}, {"version": "22.03.3", "status": "unaffected"}, {"version": "23.06.1", "status": "unaffected"}, {"version": "23.03.1", "status": "unaffected"}, {"version": "22.09.2", "status": "unaffected"}]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn2.11", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn2.12", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn2.13", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn-2021", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn2.11", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn2.12", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn2.13", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn22.03", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn22.06", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn22.09", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn22.12", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn-2021", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn22.03", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn22.06", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn22.09", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Fast Datapath for RHEL 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn22.12", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9::fastdatapath"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn-2021", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn21.09", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn21.12", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn22.03", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn22.06", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn22.09", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn22.12", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn23.03", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ovn2.11", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"product": "Fedora", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "ovn", "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-3153", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213279", "name": "RHBZ#2213279", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd"}, {"url": "https://github.com/ovn-org/ovn/issues/198"}, {"url": "https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html"}, {"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html"}], "datePublic": "2023-06-07T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption", "timeline": [{"lang": "en", "time": "2023-06-07T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-06-07T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "This issue was discovered by Ales Musil (Red Hat)."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-10-04T11:13:40.083Z"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CA7DFF4-C739-4EE8-AC5D-6EC06E387309", "versionEndExcluding": "22.03.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*", "matchCriteriaId": "66B2BA9A-04F3-4E63-B367-E7AE5AD04FB1", "versionEndExcluding": "22.09.2", "versionStartIncluding": "22.03.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*", "matchCriteriaId": "393B5A8F-01A6-48E3-9D04-E9F5EDDCA555", "versionEndExcluding": "22.12.1", "versionStartIncluding": "22.09.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*", "matchCriteriaId": "20978238-A456-4B17-B7AD-DC006C6B16A2", "versionEndExcluding": "23.03.1", "versionStartIncluding": "22.12.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7AF4A0C-4E74-4721-96E0-E5A400B9AF58", "versionEndExcluding": "23.06.1", "versionStartIncluding": "23.03.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:fast_datapath:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A63D05D-BFAF-484B-BA49-5F5E399CDA02", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Open Virtual Network donde el monitor de servicio MAC no califica correctamente el l\u00edmite. Este problema podr\u00eda permitir que un atacante provoque una denegaci\u00f3n de servicio, incluso en implementaciones con CoPP habilitado y configurado correctamente."}], "id": "CVE-2023-3153", "lastModified": "2023-11-07T04:18:03.807", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2023-10-04T12:15:10.503", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-3153"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213279"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://github.com/ovn-org/ovn/issues/198"}, {"source": "secalert@redhat.com", "tags": ["Mitigation", "Patch"], "url": "https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "secalert@redhat.com", "type": "Secondary"}]}