Nixpkgs Security Tracker

Untriaged

Permalink CVE-2025-0650

created 5 months ago

Ovn: egress acls may be bypassed via specially crafted udp packet

A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.

Affected products

ovn

==24.03.5
==24.09.2
==22.03.8

ovn2.11

ovn2.12

ovn2.13

ovn-2021

ovn22.03

ovn22.06

ovn22.09

ovn22.12

ovn23.03

ovn23.06

ovn23.09

ovn24.03

ovn24.09

Matching in nixpkgs

pkgs.ovn

Open Virtual Network

nixos-unstable -
- nixpkgs-unstable 25.09.0

pkgs.novnc

VNC client web application

nixos-unstable -
- nixpkgs-unstable 1.6.0

pkgs.turbovnc

High-speed version of VNC derived from TightVNC

nixos-unstable -
- nixpkgs-unstable 3.2

pkgs.nanovna-qt

PC GUI software for NanoVNA V2 series

nixos-unstable -
- nixpkgs-unstable 20200403

pkgs.nanovna-saver

Tool for reading, displaying and saving data from the NanoVNA

nixos-unstable -
- nixpkgs-unstable 0.7.3

Package maintainers

@chuangzhu Chuang Zhu <nixos@chuang.cz>
@hesiod Tobias Markus <tobias@markus-regensburg.de>
@zaninime Francesco Zanini <francesco@zanini.me>
@NeverBehave Xinhao Luo <i@never.pet>
@adamcstephens Adam C. Stephens <happy.plan4249@valkor.net>
@booxter Ihar Hrachyshka <ihar.hrachyshka@gmail.com>
@nh2 Niklas Hambüchen <mail@nh2.me>

Suggestion detail