An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. — CVE-2022-4337

Summary

Advisory CVE-2022-4337. An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. Vendor: Microsoft. Source: MSRC. Threat: critical. CVSS 9.8. See the official advisory for details.

What to do

General, cautious steps (verify details in the official source):

• Prioritize patching or mitigation immediately (treat as actively risky).
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. CVE-2022-4338
• Apache HTTP Server: mod_proxy_ajp Possible request smuggling CVE-2022-36760
• Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions CVE-2022-24963
• Integer overflow in `git archive` `git log --format` leading to RCE in git CVE-2022-41903
• A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target syst CVE-2022-3515
• Mariner CVE-2022-47629
• .NET Denial of Service Vulnerability CVE-2023-21538
• 3D Builder Remote Code Execution Vulnerability CVE-2023-21781
• 3D Builder Remote Code Execution Vulnerability CVE-2023-21782
• 3D Builder Remote Code Execution Vulnerability CVE-2023-21784
• 3D Builder Remote Code Execution Vulnerability CVE-2023-21786
• 3D Builder Remote Code Execution Vulnerability CVE-2023-21791