{"api_version":"1","generated_at":"2026-04-09T09:57:19+00:00","cve":"CVE-2023-1668","urls":{"html":"https://cve.report/CVE-2023-1668","api":"https://cve.report/api/cve/CVE-2023-1668.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-1668","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-1668"},"summary":{"title":"CVE-2023-1668","description":"A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2023-04-10 22:15:00","updated_at":"2023-11-26 11:15:00"},"problem_types":["CWE-670"],"metrics":[],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2137666","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2137666","refsource":"MISC","tags":[],"title":"Bug Access Denied","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2GUNS3WSJG4TUDKZ5L7FXGJMVOD6EJZ/","name":"FEDORA-2023-7da03dc2ae","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 38 Update: openvswitch-3.1.1-1.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202311-16","name":"GLSA-202311-16","refsource":"","tags":[],"title":"Open vSwitch: Multiple Vulnerabilities (GLSA 202311-16) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.openwall.com/lists/oss-security/2023/04/06/1","name":"https://www.openwall.com/lists/oss-security/2023/04/06/1","refsource":"MISC","tags":[],"title":"oss-security - [ADVISORY] CVE-2023-1668: Open vSwitch: Remote traffic denial of\n service via crafted packets with IP proto 0","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2GUNS3WSJG4TUDKZ5L7FXGJMVOD6EJZ/","name":"FEDORA-2023-7da03dc2ae","refsource":"","tags":[],"title":"[SECURITY] Fedora 38 Update: openvswitch-3.1.1-1.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00000.html","name":"[debian-lts-announce] 20230501 [SECURITY] [DLA 3410-1] openvswitch security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3410-1] openvswitch security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2023/dsa-5387","name":"DSA-5387","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5387-1 openvswitch","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-1668","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1668","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"1668","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cloudbase","cpe5":"open_vswitch","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"1668","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cloudbase","cpe5":"open_vswitch","cpe6":"3.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"1668","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"1668","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"1668","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"1668","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"fast_datapath","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"1668","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openshift_container_platform","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"1668","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openstack_platform","cpe6":"16.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"1668","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openstack_platform","cpe6":"16.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"1668","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"openstack_platform","cpe6":"17.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"1668","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"virtualization","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-1668","qid":"181735","title":"Debian Security Update for openvswitch (DSA 5387-1)"},{"cve":"CVE-2023-1668","qid":"181760","title":"Debian Security Update for openvswitch (DLA 3410-1)"},{"cve":"CVE-2023-1668","qid":"182832","title":"Debian Security Update for openvswitch (CVE-2023-1668)"},{"cve":"CVE-2023-1668","qid":"199328","title":"Ubuntu Security Notification for Open vSwitch Vulnerability (USN-6068-1)"},{"cve":"CVE-2023-1668","qid":"284172","title":"Fedora Security Update for openvswitch (FEDORA-2023-7da03dc2ae)"},{"cve":"CVE-2023-1668","qid":"503210","title":"Alpine Linux Security Update for openvswitch"},{"cve":"CVE-2023-1668","qid":"503547","title":"Alpine Linux Security Update for openvswitch"},{"cve":"CVE-2023-1668","qid":"506147","title":"Alpine Linux Security Update for openvswitch"},{"cve":"CVE-2023-1668","qid":"506148","title":"Alpine Linux Security Update for openvswitch"},{"cve":"CVE-2023-1668","qid":"710800","title":"Gentoo Linux Open vSwitch Multiple Vulnerabilities (GLSA 202311-16)"},{"cve":"CVE-2023-1668","qid":"754034","title":"SUSE Enterprise Linux Security Update for openvswitch (SUSE-SU-2023:2275-1)"},{"cve":"CVE-2023-1668","qid":"754035","title":"SUSE Enterprise Linux Security Update for openvswitch (SUSE-SU-2023:2274-1)"},{"cve":"CVE-2023-1668","qid":"754130","title":"SUSE Enterprise Linux Security Update for openvswitch (SUSE-SU-2023:2621-1)"},{"cve":"CVE-2023-1668","qid":"906924","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for openvswitch (26031-1)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2023-1668","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"openvswitch","version":{"version_data":[{"version_value":"unknown"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-670"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2137666","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2137666"},{"refsource":"MISC","name":"https://www.openwall.com/lists/oss-security/2023/04/06/1","url":"https://www.openwall.com/lists/oss-security/2023/04/06/1"},{"refsource":"DEBIAN","name":"DSA-5387","url":"https://www.debian.org/security/2023/dsa-5387"},{"refsource":"FEDORA","name":"FEDORA-2023-7da03dc2ae","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2GUNS3WSJG4TUDKZ5L7FXGJMVOD6EJZ/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20230501 [SECURITY] [DLA 3410-1] openvswitch security update","url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00000.html"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow."}]}},"nvd":{"publishedDate":"2023-04-10 22:15:00","lastModifiedDate":"2023-11-26 11:15:00","problem_types":["CWE-670"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":8.2,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cloudbase:open_vswitch:3.1.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*","versionStartIncluding":"2.17.0","versionEndExcluding":"2.17.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*","versionStartIncluding":"2.16.0","versionEndExcluding":"2.16.7","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*","versionStartIncluding":"2.15.0","versionEndExcluding":"2.15.8","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*","versionStartIncluding":"2.14.0","versionEndExcluding":"2.14.9","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cloudbase:open_vswitch:*:*:*:*:*:*:*:*","versionStartIncluding":"1.5.0","versionEndExcluding":"2.13.11","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:openstack_platform:17.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:fast_datapath:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}