Nixpkgs security tracker
Untriaged
Permalink
CVE-2024-2182
6.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Ovn: insufficient validation of bfd packets may lead to denial of service
A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.
References
-
-
-
-
-
-
-
-
-
-
-
-
-
https://www.openwall.com/lists/oss-security/2024/03/12/5 x_transferred
-
http://www.openwall.com/lists/oss-security/2024/03/12/5 x_transferred
Affected products
ovn
- *
- ==24.03.1
- ==23.09.3
- ==22.03.7
- ==23.06.3
- ==23.03.3
ovn2.11
ovn2.12
ovn2.13
ovn-2021
- *
ovn22.03
- *
ovn22.06
ovn22.09
ovn22.12
- *
ovn23.03
- *
ovn23.06
- *
ovn23.09
- *
Matching in nixpkgs
pkgs.ovn
Open Virtual Network
pkgs.novnc
VNC client web application
pkgs.turbovnc
High-speed version of VNC derived from TightVNC
pkgs.nanovna-saver
A tool for reading, displaying and saving data from the NanoVNA
pkgs.python311Packages.slovnet
Deep-learning based NLP modeling for Russian language
Package maintainers
-
@zaninime Francesco Zanini <francesco@zanini.me>
-
@hesiod Tobias Markus <tobias@markus-regensburg.de>
-
@NeverBehave Xinhao Luo <i@never.pet>
-
@adamcstephens Adam C. Stephens <happy.plan4249@valkor.net>
-
@npatsakula Patsakula Nikita <nikita.patsakula@gmail.com>
-
@nh2 Niklas Hambüchen <mail@nh2.me>