CVE-2025-0650

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-0650

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-0650.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-0650

Related

Published

2025-01-23T17:15:22Z

Modified

2025-03-09T17:48:24.655656Z

Summary

[none]

Details

A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.

References

Affected packages

Debian:12 / ovn

Package

Name: ovn
Purl: pkg:deb/debian/ovn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

23.*

23.03.0-1

23.03.0-2

23.03.0-3

23.03.1-1~deb12u1

23.03.1-1~deb12u2

23.09.0-1

23.09.0-2

24.*

24.03.0~git20240205.ebb7076-1

24.03.0-1

24.03.1-1

24.03.1-2

24.03.2-1

24.03.2-2

24.09.0-1

25.*

25.03.0~git20250216.7c69af7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}