CVE-2022-4338

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-4338
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-4338.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-4338
Downstream
Related
Published
2023-01-10T00:00:00Z
Modified
2026-05-28T04:08:16.879941016Z
Summary
[none]
Details

An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/4xxx/CVE-2022-4338.json",
    "cwe_ids": [
        "CWE-125"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "openvswitch 3.0.3, openvswitch 2.17.5, openvswitch 2.16.6, openvswitch 2.15.7, openvswitch 2.14.8, openvswitch 2.13.10"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "redhat"
}
References

Affected packages

Git / github.com/openvswitch/ovs

Affected ranges

Type
GIT
Repo
https://github.com/openvswitch/ovs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
00d74c0ff067ba6612ba1921fd04d7f5fc0bd64b
Introduced
29c7b4518fb5834e3f432f1c8864df8e95e1506c
Fixed
1a19e7b5e5fc6ad9148f92551a24de9e815e2c30
Introduced
8dc1733eaea866dce033b3c44853e1b09bf59fc7
Fixed
3f93cdff2be86426e2379db70d94d70d576d5dec
Introduced
cb6cb1c76a8bad94aad0952e035a56dd1832b69d
Fixed
68a258e86b95f4e4741514dd76239a3e875ca19c
Introduced
db7c86e5d03cd9018739e5fa47cc6be0bad246a0
Fixed
08971e4b938991213c20d5a219d9901099906de6
Introduced
99e0cad9e78104009ca3187c6aa997700f07b957
Fixed
726c7b7975c6660d4ca886220d62d819ee4d7b7f
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.13.10"
        },
        {
            "introduced": "2.14.0"
        },
        {
            "fixed": "2.14.8"
        },
        {
            "introduced": "2.15.0"
        },
        {
            "fixed": "2.15.7"
        },
        {
            "introduced": "2.16.0"
        },
        {
            "fixed": "2.16.6"
        },
        {
            "introduced": "2.17.0"
        },
        {
            "fixed": "2.17.5"
        },
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.0.3"
        }
    ],
    "cpe": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Affected versions

v0.*
v0.90.0
v0.90.4
v0.99.0
v0.99.1
v0.99.2
v1.*
v1.0.0
v1.0.1
v1.1.0pre1
v1.1.0pre2
v2.*
v2.13.0
v2.13.1
v2.13.2
v2.13.3
v2.13.4
v2.13.5
v2.13.6
v2.13.7
v2.13.8
v2.13.9
v2.14.0
v2.14.1
v2.14.2
v2.14.3
v2.14.4
v2.14.5
v2.14.6
v2.14.7
v2.15.0
v2.15.1
v2.15.2
v2.15.3
v2.15.4
v2.15.5
v2.15.6
v2.16.0
v2.16.1
v2.16.2
v2.16.3
v2.16.4
v2.16.5
v2.17.0
v2.17.1
v2.17.2
v2.17.3
v2.17.4
v3.*
v3.0.0
v3.0.1
v3.0.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-4338.json"