{"id":"CVE-2023-1668","details":"A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.","modified":"2026-04-02T08:40:42.439553Z","published":"2023-04-10T22:15:09.133Z","related":["SUSE-SU-2023:2274-1","SUSE-SU-2023:2275-1","SUSE-SU-2023:2296-1","SUSE-SU-2023:2536-1","SUSE-SU-2023:2621-1","SUSE-SU-2026:0280-1","SUSE-SU-2026:0290-1","openSUSE-SU-2024:12942-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00000.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2GUNS3WSJG4TUDKZ5L7FXGJMVOD6EJZ/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202311-16"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5387"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2137666"},{"type":"FIX","url":"https://www.openwall.com/lists/oss-security/2023/04/06/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openvswitch/ovs","events":[{"introduced":"8c057fadf32abe649395b56becdbdaa48eff8d1f"},{"fixed":"5d8a8ce4909b838607c4eac784f80626ea32c980"},{"introduced":"29c7b4518fb5834e3f432f1c8864df8e95e1506c"},{"fixed":"cad2b4eefec359d73ad11cb863abd0b5e9129ac6"},{"introduced":"8dc1733eaea866dce033b3c44853e1b09bf59fc7"},{"fixed":"1548b616bc35b8faab96cb1b74c932592f1eaab2"},{"introduced":"cb6cb1c76a8bad94aad0952e035a56dd1832b69d"},{"fixed":"c9016d49d404108e30a216634812b90e49d21f49"},{"introduced":"db7c86e5d03cd9018739e5fa47cc6be0bad246a0"},{"fixed":"a08bb41e3c381f695b5ab62b0ab49b39c2b98727"},{"introduced":"99e0cad9e78104009ca3187c6aa997700f07b957"},{"fixed":"2a98be5adaa6b3bd6c71a0ee01fc2782c67e7c78"},{"introduced":"0"},{"last_affected":"3c2bea086ef8912d57331173af266f21d36740a0"}],"database_specific":{"versions":[{"introduced":"1.5.0"},{"fixed":"2.13.11"},{"introduced":"2.14.0"},{"fixed":"2.14.9"},{"introduced":"2.15.0"},{"fixed":"2.15.8"},{"introduced":"2.16.0"},{"fixed":"2.16.7"},{"introduced":"2.17.0"},{"fixed":"2.17.6"},{"introduced":"3.0.0"},{"fixed":"3.0.4"},{"introduced":"0"},{"last_affected":"3.1.0"}]}}],"versions":["v0.90.0","v0.90.1","v0.90.2","v0.90.3","v0.90.4","v0.90.5","v0.90.6","v0.90.7","v0.99.0","v0.99.1","v0.99.2","v1.0.0","v1.0.1","v1.0.2","v1.0.3","v1.1.0","v1.1.0pre1","v1.1.0pre2","v1.1.1","v1.1.2","v1.10.0","v1.10.2","v1.11.0","v1.11.1","v1.2.0","v1.2.1","v1.2.2","v1.3.0","v1.4.0","v1.4.1","v1.4.2","v1.4.3","v1.4.4","v1.4.5","v1.4.6","v1.5.0","v1.6.1","v1.7.0","v1.7.1","v1.7.2","v1.7.3","v1.9.0","v1.9.3","v2.0","v2.0.1","v2.0.2","v2.1.0","v2.1.1","v2.1.2","v2.1.3","v2.10.0","v2.10.1","v2.10.2","v2.10.3","v2.10.4","v2.10.5","v2.10.6","v2.10.7","v2.11.0","v2.11.1","v2.11.2","v2.11.3","v2.11.4","v2.11.5","v2.11.6","v2.11.7","v2.12.0","v2.12.1","v2.12.2","v2.12.3","v2.12.4","v2.13.0","v2.13.1","v2.13.10","v2.13.2","v2.13.3","v2.13.4","v2.13.5","v2.13.6","v2.13.7","v2.13.8","v2.13.9","v2.14.0","v2.14.1","v2.14.2","v2.14.3","v2.14.4","v2.14.5","v2.14.6","v2.14.7","v2.14.8","v2.15.0","v2.15.1","v2.15.2","v2.15.3","v2.15.4","v2.15.5","v2.15.6","v2.15.7","v2.16.0","v2.16.1","v2.16.2","v2.16.3","v2.16.4","v2.16.5","v2.16.6","v2.17.0","v2.17.1","v2.17.2","v2.17.3","v2.17.4","v2.17.5","v2.3","v2.3.1","v2.3.2","v2.3.3","v2.4.0","v2.4.1","v2.5.0","v2.5.1","v2.5.10","v2.5.11","v2.5.12","v2.5.2","v2.5.3","v2.5.4","v2.5.5","v2.5.6","v2.5.7","v2.5.8","v2.5.9","v2.6.0","v2.6.1","v2.6.10","v2.6.2","v2.6.3","v2.6.4","v2.6.5","v2.6.6","v2.6.7","v2.6.8","v2.6.9","v2.7.0","v2.7.1","v2.7.10","v2.7.11","v2.7.12","v2.7.13","v2.7.2","v2.7.3","v2.7.4","v2.7.5","v2.7.6","v2.7.7","v2.7.8","v2.7.9","v2.8.0","v2.8.1","v2.8.10","v2.8.11","v2.8.2","v2.8.3","v2.8.4","v2.8.5","v2.8.6","v2.8.7","v2.8.8","v2.8.9","v2.9.0","v2.9.1","v2.9.2","v2.9.3","v2.9.4","v2.9.5","v2.9.6","v2.9.7","v2.9.8","v2.9.9","v3.0.0","v3.0.1","v3.0.2","v3.0.3","v3.1.0","v3.2.0","v3.2.1","v3.2.2","v3.2.3","v3.2.4","v3.2.5","v3.2.6","v3.3.0","v3.3.1","v3.3.2","v3.3.3","v3.3.4","v3.3.5","v3.3.6","v3.3.7","v3.3.8","v3.3.9","v3.4.0","v3.4.1","v3.4.2","v3.4.3","v3.4.4","v3.4.5","v3.4.6","v3.5.0","v3.5.1","v3.5.2","v3.5.3","v3.5.4","v3.6.0","v3.6.1","v3.6.2","v3.6.3","v3.7.0","v3.7.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1668.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"11.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"16.1"}]},{"events":[{"introduced":"0"},{"last_affected":"16.2"}]},{"events":[{"introduced":"0"},{"last_affected":"17.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}]}