Vulnerability Details :

CVE-2024-2182

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-12 Mar, 2024 | 16:18
Updated At-08 Nov, 2025 | 07:11
Rejected At-

Ovn: insufficient validation of bfd packets may lead to denial of service

A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.

Common Vulnerabilities and Exposures (CVE)
cve.org
CVE Numbering Authority (CNA)

Affected Products
Collection URL
https://www.github.com/ovn-org/ovn/
Package Name
ovn
Default Status
unaffected
Versions
Affected
  • From 20.03.0 before * (semver)
Vendor
Red Hat, Inc.
Product
Fast Datapath for Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ovn23.06
CPEs
  • cpe:/o:redhat:enterprise_linux:8::fastdatapath
Default Status
affected
Versions
Unaffected
  • From 0:23.06.1-112.el8fdp before * (rpm)
Vendor
Red Hat, Inc.
Product
Fast Datapath for Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ovn22.12
CPEs
  • cpe:/o:redhat:enterprise_linux:8::fastdatapath
Default Status
affected
Versions
Unaffected
  • From 0:22.12.1-94.el8fdp before * (rpm)
Vendor
Red Hat, Inc.
Product
Fast Datapath for Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ovn22.03
CPEs
  • cpe:/o:redhat:enterprise_linux:8::fastdatapath
Default Status
affected
Versions
Unaffected
  • From 0:22.03.3-71.el8fdp before * (rpm)
Vendor
Red Hat, Inc.
Product
Fast Datapath for Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ovn23.03
CPEs
  • cpe:/o:redhat:enterprise_linux:8::fastdatapath
Default Status
affected
Versions
Unaffected
  • From 0:23.03.1-100.el8fdp before * (rpm)
Vendor
Red Hat, Inc.
Product
Fast Datapath for Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ovn-2021
CPEs
  • cpe:/o:redhat:enterprise_linux:8::fastdatapath
Default Status
affected
Versions
Unaffected
  • From 0:21.12.0-142.el8fdp before * (rpm)
Vendor
Red Hat, Inc.
Product
Fast Datapath for Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ovn23.09
CPEs
  • cpe:/o:redhat:enterprise_linux:9::fastdatapath
Default Status
affected
Versions
Unaffected
  • From 0:23.09.0-136.el9fdp before * (rpm)
Vendor
Red Hat, Inc.
Product
Fast Datapath for Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ovn23.06
CPEs
  • cpe:/o:redhat:enterprise_linux:9::fastdatapath
Default Status
affected
Versions
Unaffected
  • From 0:23.06.1-112.el9fdp before * (rpm)
Vendor
Red Hat, Inc.
Product
Fast Datapath for Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ovn22.12
CPEs
  • cpe:/o:redhat:enterprise_linux:9::fastdatapath
Default Status
affected
Versions
Unaffected
  • From 0:22.12.1-94.el9fdp before * (rpm)
Vendor
Red Hat, Inc.
Product
Fast Datapath for Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ovn22.03
CPEs
  • cpe:/o:redhat:enterprise_linux:9::fastdatapath
Default Status
affected
Versions
Unaffected
  • From 0:22.03.3-71.el9fdp before * (rpm)
Vendor
Red Hat, Inc.
Product
Fast Datapath for Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ovn23.03
CPEs
  • cpe:/o:redhat:enterprise_linux:9::fastdatapath
Default Status
affected
Versions
Unaffected
  • From 0:23.03.1-100.el9fdp before * (rpm)
Vendor
Red Hat, Inc.
Product
Fast Datapath for RHEL 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ovn2.11
CPEs
  • cpe:/o:redhat:enterprise_linux:7::fastdatapath
Default Status
unknown
Vendor
Red Hat, Inc.
Product
Fast Datapath for RHEL 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ovn2.12
CPEs
  • cpe:/o:redhat:enterprise_linux:7::fastdatapath
Default Status
unknown
Vendor
Red Hat, Inc.
Product
Fast Datapath for RHEL 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ovn2.13
CPEs
  • cpe:/o:redhat:enterprise_linux:7::fastdatapath
Default Status
unknown
Vendor
Red Hat, Inc.
Product
Fast Datapath for RHEL 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ovn2.11
CPEs
  • cpe:/o:redhat:enterprise_linux:8::fastdatapath
Default Status
unknown
Vendor
Red Hat, Inc.
Product
Fast Datapath for RHEL 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ovn2.12
CPEs
  • cpe:/o:redhat:enterprise_linux:8::fastdatapath
Default Status
unknown
Vendor
Red Hat, Inc.
Product
Fast Datapath for RHEL 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ovn2.13
CPEs
  • cpe:/o:redhat:enterprise_linux:8::fastdatapath
Default Status
unknown
Vendor
Red Hat, Inc.
Product
Fast Datapath for RHEL 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ovn22.06
CPEs
  • cpe:/o:redhat:enterprise_linux:8::fastdatapath
Default Status
unknown
Vendor
Red Hat, Inc.
Product
Fast Datapath for RHEL 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ovn22.09
CPEs
  • cpe:/o:redhat:enterprise_linux:8::fastdatapath
Default Status
unknown
Vendor
Red Hat, Inc.
Product
Fast Datapath for RHEL 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ovn-2021
CPEs
  • cpe:/o:redhat:enterprise_linux:9::fastdatapath
Default Status
affected
Vendor
Red Hat, Inc.
Product
Fast Datapath for RHEL 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ovn22.06
CPEs
  • cpe:/o:redhat:enterprise_linux:9::fastdatapath
Default Status
unknown
Vendor
Red Hat, Inc.
Product
Fast Datapath for RHEL 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
ovn22.09
CPEs
  • cpe:/o:redhat:enterprise_linux:9::fastdatapath
Default Status
unknown
Problem Types
Type: CWE
CWE ID: CWE-346
Description: Origin Validation Error
Metrics
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Red Hat severity rating
value:
Moderate
namespace:
https://access.redhat.com/security/updates/classification/
Credits

Red Hat would like to thank Frode Nordahl (Canonical) for reporting this issue.
Timeline
Event: Reported to Red Hat.
Date: 2024-03-04 00:00:00
Event: Made public.
Date: 2024-03-12 00:00:00
References
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1385
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1386
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1387
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1388
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1390
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1391
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1392
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1393
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1394
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4035
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2024-2182
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2267840
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html
Resource: N/A
Hyperlink: https://www.openwall.com/lists/oss-security/2024/03/12/5
Resource: N/A
Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
2. CVE Program Container
References
Hyperlink: http://www.openwall.com/lists/oss-security/2024/03/12/5
Resource:
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1385
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1386
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1387
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1388
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1390
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1391
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1392
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1393
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1394
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4035
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/security/cve/CVE-2024-2182
Resource:
vdb-entry
x_refsource_REDHAT
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2267840
Resource:
issue-tracking
x_refsource_REDHAT
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APR4GCVCMQD3DQUKXDNGIXCCYGE5V7IT/
Resource:
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CB4N522FCS4XWAPUKRWZF6QZ657FCIDF/
Resource:
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRKXOOOKD56TY3JQVB45N3GCTX3EG4BV/
Resource:
x_transferred
Hyperlink: https://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html
Resource:
x_transferred
Hyperlink: https://www.openwall.com/lists/oss-security/2024/03/12/5
Resource:
x_transferred
National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:12 Mar, 2024 | 17:15
Updated At:15 Apr, 2026 | 00:35


CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weaknesses
CWE ID: CWE-346
Type: Secondary
Source: secalert@redhat.com
References
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1385
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1386
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1387
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1388
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1390
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1391
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1392
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1393
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1394
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4035
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2024-2182
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2267840
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.openwall.com/lists/oss-security/2024/03/12/5
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2024/03/12/5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1385
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1386
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1387
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1388
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1390
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1391
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1392
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1393
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:1394
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:4035
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2024-2182
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2267840
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APR4GCVCMQD3DQUKXDNGIXCCYGE5V7IT/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CB4N522FCS4XWAPUKRWZF6QZ657FCIDF/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRKXOOOKD56TY3JQVB45N3GCTX3EG4BV/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.openwall.com/lists/oss-security/2024/03/12/5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A


Similar CVEs

53 Records found

CVE-2024-1249
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.4 (HIGH)
EPSS-0.17% / 38.28%
7 Day CHG~0.00%
Published-17 Apr, 2024 | 13:22
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkloginiframe leads to ddos

A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat AMQ Broker 7; Red Hat Decision Manager 7; Red Hat JBoss Enterprise Application Platform 7; Migration Toolkit for Applications 7; RHEL-8 based Middleware Containers; Red Hat build of Keycloak 22.0.10; Red Hat JBoss Enterprise Application Platform 6; Migration Toolkit for Applications 6; Red Hat Process Automation 7; Red Hat Fuse 7; Red Hat build of Keycloak 22; Red Hat Data Grid 8; Red Hat Single Sign-On 7.6 for RHEL 8; Red Hat build of Apicurio Registry 2; Red Hat JBoss Data Grid 7; Red Hat Single Sign-On 7.6 for RHEL 7; streams for Apache Kafka; Red Hat Developer Hub; RHOSS-1.33-RHEL-8; Red Hat JBoss Enterprise Application Platform Expansion Pack; Red Hat Single Sign-On 7.6 for RHEL 9; Red Hat JBoss Enterprise Application Platform 8; RHSSO 7.6.8
CWE ID-CWE-346
Origin Validation Error
CVE-2023-40547
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.3 (HIGH)
EPSS-4.17% / 88.71%
7 Day CHG~0.00%
Published-25 Jan, 2024 | 15:54
Updated-20 Nov, 2025 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shim: rce in http boot support may lead to secure boot bypass

A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase; an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.

Action-Not Available
Vendor-Red Hat, Inc.
Product-shim; enterprise_linux; Red Hat Enterprise Linux 8.8 Extended Update Support; Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.2 Telecommunications Update Service; Red Hat Enterprise Linux 8.6 Extended Update Support; Red Hat Enterprise Linux 8.4 Telecommunications Update Service; Red Hat Enterprise Linux 9.0 Extended Update Support; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8.2 Advanced Update Support; Red Hat Enterprise Linux 9.2 Extended Update Support; Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions; Red Hat Enterprise Linux 8
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-346
Origin Validation Error
CVE-2025-13947
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.4 (HIGH)
EPSS-0.07% / 22.38%
7 Day CHG~0.00%
Published-03 Dec, 2025 | 09:45
Updated-07 Jan, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Webkit: webkitgtk: remote user-assisted information disclosure via file drag-and-drop

A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser.

Action-Not Available
Vendor-The WebKitGTK Team; Red Hat, Inc.
Product-webkitgtk; Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions; Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions; Red Hat Enterprise Linux 7 Extended Lifecycle Support; Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.6 Telecommunications Update Service; Red Hat Enterprise Linux 8.8 Telecommunications Update Service; Red Hat Enterprise Linux 9.4 Extended Update Support; Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8.2 Advanced Update Support; Red Hat Enterprise Linux 9.6 Extended Update Support; Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
CWE ID-CWE-346
Origin Validation Error