Vulnerabilites related to openvswitch - openvswitch
CVE-2020-27827 (GCVE-0-2020-27827)
Vulnerability from cvelistv5
Published
2021-03-18 00:00
Modified
2024-08-04 16:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | lldp/openvswitch |
Version: lldpd 1.0.8, openvswitch 2.14.1, openvswitch 2.13.2, openvswitch 2.12.2, openvswitch 2.11.5, openvswitch 2.10.6, openvswitch 2.9.8, openvswitch 2.8.10, openvswitch 2.7.12, openvswitch 2.6.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:43.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921438"
},
{
"tags": [
"x_transferred"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07"
},
{
"name": "FEDORA-2023-88991d2713",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/"
},
{
"name": "FEDORA-2023-c0c184a019",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/"
},
{
"name": "FEDORA-2023-3e4feeadec",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/"
},
{
"name": "GLSA-202311-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "lldp/openvswitch",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "lldpd 1.0.8, openvswitch 2.14.1, openvswitch 2.13.2, openvswitch 2.12.2, openvswitch 2.11.5, openvswitch 2.10.6, openvswitch 2.9.8, openvswitch 2.8.10, openvswitch 2.7.12, openvswitch 2.6.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-26T11:06:15.202997",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921438"
},
{
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07"
},
{
"name": "FEDORA-2023-88991d2713",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/"
},
{
"name": "FEDORA-2023-c0c184a019",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/"
},
{
"name": "FEDORA-2023-3e4feeadec",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/"
},
{
"name": "GLSA-202311-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-16"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-27827",
"datePublished": "2021-03-18T00:00:00",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-08-04T16:25:43.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9265 (GCVE-0-2017-9265)
Vulnerability from cvelistv5
Published
2017-05-29 03:52
Modified
2024-08-05 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:43.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2698",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2698"
},
{
"name": "RHSA-2017:2727",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2727"
},
{
"name": "RHSA-2017:2692",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2692"
},
{
"name": "RHSA-2017:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2553"
},
{
"name": "RHSA-2017:2418",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2418"
},
{
"name": "RHSA-2017:2648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2648"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332965.html"
},
{
"name": "RHSA-2017:2665",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2665"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2017:2698",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2698"
},
{
"name": "RHSA-2017:2727",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2727"
},
{
"name": "RHSA-2017:2692",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2692"
},
{
"name": "RHSA-2017:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2553"
},
{
"name": "RHSA-2017:2418",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2418"
},
{
"name": "RHSA-2017:2648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2648"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332965.html"
},
{
"name": "RHSA-2017:2665",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2665"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2698",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2698"
},
{
"name": "RHSA-2017:2727",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2727"
},
{
"name": "RHSA-2017:2692",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2692"
},
{
"name": "RHSA-2017:2553",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2553"
},
{
"name": "RHSA-2017:2418",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2418"
},
{
"name": "RHSA-2017:2648",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2648"
},
{
"name": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332965.html",
"refsource": "CONFIRM",
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332965.html"
},
{
"name": "RHSA-2017:2665",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2665"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9265",
"datePublished": "2017-05-29T03:52:00",
"dateReserved": "2017-05-28T00:00:00",
"dateUpdated": "2024-08-05T17:02:43.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22563 (GCVE-0-2024-22563)
Vulnerability from cvelistv5
Published
2024-01-19 00:00
Modified
2025-06-02 15:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:51:10.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openvswitch/ovs-issues/issues/315"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22563",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-02T14:11:03.751377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T15:02:43.505Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/openvswitch/ovs-issues/issues/315"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-19T14:39:55.472Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/openvswitch/ovs-issues/issues/315"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-22563",
"datePublished": "2024-01-19T00:00:00.000Z",
"dateReserved": "2024-01-11T00:00:00.000Z",
"dateUpdated": "2025-06-02T15:02:43.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4338 (GCVE-0-2022-4338)
Vulnerability from cvelistv5
Published
2023-01-10 00:00
Modified
2024-08-03 01:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | openvswitch |
Version: openvswitch 3.0.3, openvswitch 2.17.5, openvswitch 2.16.6, openvswitch 2.15.7, openvswitch 2.14.8, openvswitch 2.13.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:34:50.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2022/12/21/4"
},
{
"tags": [
"x_transferred"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openvswitch/ovs/pull/405"
},
{
"name": "DSA-5319",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5319"
},
{
"name": "GLSA-202311-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openvswitch",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "openvswitch 3.0.3, openvswitch 2.17.5, openvswitch 2.16.6, openvswitch 2.15.7, openvswitch 2.14.8, openvswitch 2.13.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-26T11:06:16.807765",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://www.openwall.com/lists/oss-security/2022/12/21/4"
},
{
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html"
},
{
"url": "https://github.com/openvswitch/ovs/pull/405"
},
{
"name": "DSA-5319",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5319"
},
{
"name": "GLSA-202311-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-16"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-4338",
"datePublished": "2023-01-10T00:00:00",
"dateReserved": "2022-12-07T00:00:00",
"dateUpdated": "2024-08-03T01:34:50.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17205 (GCVE-0-2018-17205)
Vulnerability from cvelistv5
Published
2018-09-19 16:00
Modified
2024-08-05 10:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:03.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2019:0053",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0053"
},
{
"name": "USN-3873-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3873-1/"
},
{
"name": "RHSA-2018:3500",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3500"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6"
},
{
"name": "RHSA-2019:0081",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0081"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-31T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2019:0053",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0053"
},
{
"name": "USN-3873-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3873-1/"
},
{
"name": "RHSA-2018:3500",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3500"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6"
},
{
"name": "RHSA-2019:0081",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0081"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2019:0053",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0053"
},
{
"name": "USN-3873-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3873-1/"
},
{
"name": "RHSA-2018:3500",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3500"
},
{
"name": "https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6",
"refsource": "MISC",
"url": "https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6"
},
{
"name": "RHSA-2019:0081",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0081"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17205",
"datePublished": "2018-09-19T16:00:00",
"dateReserved": "2018-09-19T00:00:00",
"dateUpdated": "2024-08-05T10:47:03.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9263 (GCVE-0-2017-9263)
Vulnerability from cvelistv5
Published
2017-05-29 03:52
Modified
2024-08-05 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2698",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2698"
},
{
"name": "RHSA-2017:2727",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2727"
},
{
"name": "RHSA-2017:2692",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2692"
},
{
"name": "RHSA-2017:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2553"
},
{
"name": "RHSA-2017:2418",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2418"
},
{
"name": "RHSA-2017:2648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2648"
},
{
"name": "RHSA-2017:2665",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2665"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332966.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2017:2698",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2698"
},
{
"name": "RHSA-2017:2727",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2727"
},
{
"name": "RHSA-2017:2692",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2692"
},
{
"name": "RHSA-2017:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2553"
},
{
"name": "RHSA-2017:2418",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2418"
},
{
"name": "RHSA-2017:2648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2648"
},
{
"name": "RHSA-2017:2665",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2665"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332966.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2698",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2698"
},
{
"name": "RHSA-2017:2727",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2727"
},
{
"name": "RHSA-2017:2692",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2692"
},
{
"name": "RHSA-2017:2553",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2553"
},
{
"name": "RHSA-2017:2418",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2418"
},
{
"name": "RHSA-2017:2648",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2648"
},
{
"name": "RHSA-2017:2665",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2665"
},
{
"name": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332966.html",
"refsource": "CONFIRM",
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332966.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9263",
"datePublished": "2017-05-29T03:52:00",
"dateReserved": "2017-05-28T00:00:00",
"dateUpdated": "2024-08-05T17:02:44.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17206 (GCVE-0-2018-17206)
Vulnerability from cvelistv5
Published
2018-09-19 16:00
Modified
2024-08-05 10:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:04.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2019:0053",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0053"
},
{
"name": "USN-3873-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3873-1/"
},
{
"name": "RHSA-2018:3500",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3500"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8"
},
{
"name": "RHSA-2019:0081",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0081"
},
{
"name": "[debian-lts-announce] 20210219 [SECURITY] [DLA 2571-1] openvswitch security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-20T00:06:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2019:0053",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0053"
},
{
"name": "USN-3873-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3873-1/"
},
{
"name": "RHSA-2018:3500",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3500"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8"
},
{
"name": "RHSA-2019:0081",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0081"
},
{
"name": "[debian-lts-announce] 20210219 [SECURITY] [DLA 2571-1] openvswitch security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2019:0053",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0053"
},
{
"name": "USN-3873-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3873-1/"
},
{
"name": "RHSA-2018:3500",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3500"
},
{
"name": "https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8",
"refsource": "MISC",
"url": "https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8"
},
{
"name": "RHSA-2019:0081",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0081"
},
{
"name": "[debian-lts-announce] 20210219 [SECURITY] [DLA 2571-1] openvswitch security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17206",
"datePublished": "2018-09-19T16:00:00",
"dateReserved": "2018-09-19T00:00:00",
"dateUpdated": "2024-08-05T10:47:04.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14970 (GCVE-0-2017-14970)
Vulnerability from cvelistv5
Published
2017-10-01 20:00
Modified
2024-08-05 19:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table."
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating \"it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-09T02:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating \"it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html",
"refsource": "CONFIRM",
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html"
},
{
"name": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html",
"refsource": "CONFIRM",
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14970",
"datePublished": "2017-10-01T20:00:00",
"dateReserved": "2017-10-01T00:00:00",
"dateUpdated": "2024-08-05T19:42:22.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9214 (GCVE-0-2017-9214)
Vulnerability from cvelistv5
Published
2017-05-23 17:00
Modified
2024-08-05 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:43.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2698",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2698"
},
{
"name": "RHSA-2017:2727",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2727"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html"
},
{
"name": "RHSA-2017:2692",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2692"
},
{
"name": "RHSA-2017:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2553"
},
{
"name": "RHSA-2017:2418",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2418"
},
{
"name": "RHSA-2017:2648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2648"
},
{
"name": "RHSA-2017:2665",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2665"
},
{
"name": "[debian-lts-announce] 20210219 [SECURITY] [DLA 2571-1] openvswitch security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-20T00:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2017:2698",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2698"
},
{
"name": "RHSA-2017:2727",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2727"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html"
},
{
"name": "RHSA-2017:2692",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2692"
},
{
"name": "RHSA-2017:2553",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2553"
},
{
"name": "RHSA-2017:2418",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2418"
},
{
"name": "RHSA-2017:2648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2648"
},
{
"name": "RHSA-2017:2665",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2665"
},
{
"name": "[debian-lts-announce] 20210219 [SECURITY] [DLA 2571-1] openvswitch security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2698",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2698"
},
{
"name": "RHSA-2017:2727",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2727"
},
{
"name": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html",
"refsource": "CONFIRM",
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html"
},
{
"name": "RHSA-2017:2692",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2692"
},
{
"name": "RHSA-2017:2553",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2553"
},
{
"name": "RHSA-2017:2418",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2418"
},
{
"name": "RHSA-2017:2648",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2648"
},
{
"name": "RHSA-2017:2665",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2665"
},
{
"name": "[debian-lts-announce] 20210219 [SECURITY] [DLA 2571-1] openvswitch security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9214",
"datePublished": "2017-05-23T17:00:00",
"dateReserved": "2017-05-23T00:00:00",
"dateUpdated": "2024-08-05T17:02:43.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3449 (GCVE-0-2012-3449)
Vulnerability from cvelistv5
Published
2012-08-07 20:00
Modified
2024-08-06 20:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "54789",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54789"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=845350"
},
{
"name": "54794",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54794"
},
{
"name": "[oss-security] 20120803 Re: openvswitch world writable directories (CVE-2012-3449)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/03/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683665"
},
{
"name": "openvswitch-privilege-escalation(77417)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77417"
},
{
"name": "[oss-security] 20120802 openvswitch world writable directories (CVE-2012-3449)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/02/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "54789",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54789"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=845350"
},
{
"name": "54794",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54794"
},
{
"name": "[oss-security] 20120803 Re: openvswitch world writable directories (CVE-2012-3449)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/03/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683665"
},
{
"name": "openvswitch-privilege-escalation(77417)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77417"
},
{
"name": "[oss-security] 20120802 openvswitch world writable directories (CVE-2012-3449)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/02/6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3449",
"datePublished": "2012-08-07T20:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17204 (GCVE-0-2018-17204)
Vulnerability from cvelistv5
Published
2018-09-19 16:00
Modified
2024-08-05 10:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:03.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2019:0053",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0053"
},
{
"name": "USN-3873-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3873-1/"
},
{
"name": "RHSA-2018:3500",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3500"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde"
},
{
"name": "RHSA-2019:0081",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0081"
},
{
"name": "[debian-lts-announce] 20210219 [SECURITY] [DLA 2571-1] openvswitch security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-20T00:06:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2019:0053",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0053"
},
{
"name": "USN-3873-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3873-1/"
},
{
"name": "RHSA-2018:3500",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3500"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde"
},
{
"name": "RHSA-2019:0081",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0081"
},
{
"name": "[debian-lts-announce] 20210219 [SECURITY] [DLA 2571-1] openvswitch security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2019:0053",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0053"
},
{
"name": "USN-3873-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3873-1/"
},
{
"name": "RHSA-2018:3500",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3500"
},
{
"name": "https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde",
"refsource": "MISC",
"url": "https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde"
},
{
"name": "RHSA-2019:0081",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0081"
},
{
"name": "[debian-lts-announce] 20210219 [SECURITY] [DLA 2571-1] openvswitch security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17204",
"datePublished": "2018-09-19T16:00:00",
"dateReserved": "2018-09-19T00:00:00",
"dateUpdated": "2024-08-05T10:47:03.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4337 (GCVE-0-2022-4337)
Vulnerability from cvelistv5
Published
2023-01-10 00:00
Modified
2024-08-03 01:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | openvswitch |
Version: openvswitch 3.0.3, openvswitch 2.17.5, openvswitch 2.16.6, openvswitch 2.15.7, openvswitch 2.14.8, openvswitch 2.13.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:34:50.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2022/12/21/4"
},
{
"tags": [
"x_transferred"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openvswitch/ovs/pull/405"
},
{
"name": "DSA-5319",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5319"
},
{
"name": "GLSA-202311-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openvswitch",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "openvswitch 3.0.3, openvswitch 2.17.5, openvswitch 2.16.6, openvswitch 2.15.7, openvswitch 2.14.8, openvswitch 2.13.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-26T11:06:19.956591",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://www.openwall.com/lists/oss-security/2022/12/21/4"
},
{
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html"
},
{
"url": "https://github.com/openvswitch/ovs/pull/405"
},
{
"name": "DSA-5319",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5319"
},
{
"name": "GLSA-202311-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-16"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-4337",
"datePublished": "2023-01-10T00:00:00",
"dateReserved": "2022-12-07T00:00:00",
"dateUpdated": "2024-08-03T01:34:50.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5366 (GCVE-0-2023-5366)
Vulnerability from cvelistv5
Published
2023-10-06 17:43
Modified
2025-02-13 17:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Summary
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | n/a | openvswitch | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:43.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5366"
},
{
"name": "RHBZ#2006347",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006347"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/08/4"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00004.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "openvswitch",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.10",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.11",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.12",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.13",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.15",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.11",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.12",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.13",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.15",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.16",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.17",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.1",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.17",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch3.0",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.1",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "openvswitch",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:3.11"
],
"defaultStatus": "unknown",
"packageName": "openvswitch-ovn-kubernetes",
"product": "Red Hat OpenShift Container Platform 3.11",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.15",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.16",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.17",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.0",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.1",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:16.1"
],
"defaultStatus": "unaffected",
"packageName": "rhosp-openvswitch",
"product": "Red Hat OpenStack Platform 16.1",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:16.2"
],
"defaultStatus": "unaffected",
"packageName": "rhosp-openvswitch",
"product": "Red Hat OpenStack Platform 16.2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/:redhat:enterprise_linux:::hypervisor"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.11",
"product": "Red Hat Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/:redhat:enterprise_linux:::hypervisor"
],
"defaultStatus": "affected",
"packageName": "redhat-virtualization-host",
"product": "Red Hat Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "openvswitch",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Alex Katz (Red Hat) and Slawomir Kaplonski (Red Hat)."
}
],
"datePublic": "2023-09-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-23T02:06:38.589Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5366"
},
{
"name": "RHBZ#2006347",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006347"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/08/4"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00004.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-09-21T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-09-26T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Openvswitch don\u0027t match packets on nd_target field",
"x_redhatCweChain": "CWE-345: Insufficient Verification of Data Authenticity"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-5366",
"datePublished": "2023-10-06T17:43:34.376Z",
"dateReserved": "2023-10-03T19:14:58.793Z",
"dateUpdated": "2025-02-13T17:20:09.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3966 (GCVE-0-2023-3966)
Vulnerability from cvelistv5
Published
2024-02-22 12:15
Modified
2025-02-13 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-248 - Uncaught Exception
Summary
A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | n/a | openvswitch | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T15:42:09.680379Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T18:14:22.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3966"
},
{
"name": "RHBZ#2178363",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178363"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openvswitch",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "3.1.0"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.10",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.11",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.12",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.13",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.11",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.12",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.13",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.15",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.16",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.17",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.1",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.17",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch3.0",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.1",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.2",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "openvswitch",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:3.11"
],
"defaultStatus": "unaffected",
"packageName": "openvswitch-ovn-kubernetes",
"product": "Red Hat OpenShift Container Platform 3.11",
"vendor": "Red Hat"
},
{
"collectionURL": "https://repos.fedorapeople.org/repos/openstack/",
"defaultStatus": "affected",
"packageName": "rdo-openvswitch",
"product": "OpenStack RDO",
"vendor": "RDO"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "openvswitch",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Haresh Khandelwal (Red Hat) and Timothy Redaelli (Red Hat)."
}
],
"datePublic": "2024-02-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-23T02:06:40.529Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3966"
},
{
"name": "RHBZ#2178363",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178363"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-14T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-02-08T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Openvswsitch: ovs-vswitch fails to recover after malformed geneve metadata packet",
"x_redhatCweChain": "CWE-248: Uncaught Exception"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3966",
"datePublished": "2024-02-22T12:15:53.128Z",
"dateReserved": "2023-07-26T23:16:24.169Z",
"dateUpdated": "2025-02-13T17:03:14.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-25076 (GCVE-0-2019-25076)
Vulnerability from cvelistv5
Published
2022-09-08 22:08
Modified
2024-08-05 03:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:00:18.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sites.google.com/view/tuple-space-explosion"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dl.acm.org/citation.cfm?doid=3359989.3365431"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://arxiv.org/abs/2011.09107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=DSC3m-Bww64"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=5cHpzVK0D28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-08T22:08:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sites.google.com/view/tuple-space-explosion"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dl.acm.org/citation.cfm?doid=3359989.3365431"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://arxiv.org/abs/2011.09107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=DSC3m-Bww64"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=5cHpzVK0D28"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-25076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sites.google.com/view/tuple-space-explosion",
"refsource": "MISC",
"url": "https://sites.google.com/view/tuple-space-explosion"
},
{
"name": "https://dl.acm.org/citation.cfm?doid=3359989.3365431",
"refsource": "MISC",
"url": "https://dl.acm.org/citation.cfm?doid=3359989.3365431"
},
{
"name": "https://arxiv.org/abs/2011.09107",
"refsource": "MISC",
"url": "https://arxiv.org/abs/2011.09107"
},
{
"name": "https://www.youtube.com/watch?v=DSC3m-Bww64",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=DSC3m-Bww64"
},
{
"name": "https://www.youtube.com/watch?v=5cHpzVK0D28",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=5cHpzVK0D28"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-25076",
"datePublished": "2022-09-08T22:08:42",
"dateReserved": "2022-09-08T00:00:00",
"dateUpdated": "2024-08-05T03:00:18.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3905 (GCVE-0-2021-3905)
Vulnerability from cvelistv5
Published
2022-08-23 00:00
Modified
2024-08-03 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-401 - - Missing Release of Memory after Effective Lifetime
Summary
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | openvswitch (ovs) |
Version: Fixed in v2.17.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019692"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3905"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2021-3905"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openvswitch/ovs-issues/issues/226"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349"
},
{
"name": "GLSA-202311-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openvswitch (ovs)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in v2.17.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 - Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-26T11:06:13.552890",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019692"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-3905"
},
{
"url": "https://ubuntu.com/security/CVE-2021-3905"
},
{
"url": "https://github.com/openvswitch/ovs-issues/issues/226"
},
{
"url": "https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349"
},
{
"name": "GLSA-202311-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-16"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3905",
"datePublished": "2022-08-23T00:00:00",
"dateReserved": "2021-10-26T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10377 (GCVE-0-2016-10377)
Vulnerability from cvelistv5
Published
2017-05-29 03:52
Modified
2024-09-16 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:21:51.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2016-July/319503.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-29T03:52:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2016-July/319503.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mail.openvswitch.org/pipermail/ovs-dev/2016-July/319503.html",
"refsource": "CONFIRM",
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2016-July/319503.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10377",
"datePublished": "2017-05-29T03:52:00Z",
"dateReserved": "2017-05-28T00:00:00Z",
"dateUpdated": "2024-09-16T18:39:28.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9264 (GCVE-0-2017-9264)
Vulnerability from cvelistv5
Published
2017-05-29 03:52
Modified
2024-08-05 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2727",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2727"
},
{
"name": "RHSA-2017:2418",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2418"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-March/329323.html"
},
{
"name": "RHSA-2017:2648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2017:2727",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2727"
},
{
"name": "RHSA-2017:2418",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2418"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-March/329323.html"
},
{
"name": "RHSA-2017:2648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2727",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2727"
},
{
"name": "RHSA-2017:2418",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2418"
},
{
"name": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-March/329323.html",
"refsource": "CONFIRM",
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-March/329323.html"
},
{
"name": "RHSA-2017:2648",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9264",
"datePublished": "2017-05-29T03:52:00",
"dateReserved": "2017-05-28T00:00:00",
"dateUpdated": "2024-08-05T17:02:44.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0669 (GCVE-0-2022-0669)
Vulnerability from cvelistv5
Published
2022-08-29 14:03
Modified
2024-08-02 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - - Uncontrolled Resource Consumption.
Summary
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=922"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-0669"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2022-0669"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DPDK",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects v19.11-rc1 and later, Fixed in v22.03-rc4."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 - Uncontrolled Resource Consumption.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T14:03:04",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=922"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-0669"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2022-0669"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-0669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DPDK",
"version": {
"version_data": [
{
"version_value": "Affects v19.11-rc1 and later, Fixed in v22.03-rc4."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 - Uncontrolled Resource Consumption."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793"
},
{
"name": "https://bugs.dpdk.org/show_bug.cgi?id=922",
"refsource": "MISC",
"url": "https://bugs.dpdk.org/show_bug.cgi?id=922"
},
{
"name": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227",
"refsource": "MISC",
"url": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2022-0669",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2022-0669"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2022-0669",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2022-0669"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0669",
"datePublished": "2022-08-29T14:03:04",
"dateReserved": "2022-02-17T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36980 (GCVE-0-2021-36980)
Vulnerability from cvelistv5
Published
2021-07-20 00:00
Modified
2025-05-05 16:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:09:07.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2"
},
{
"name": "GLSA-202311-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-16"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-36980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:22:15.331185Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:46:44.736Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-26T11:06:18.489Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml"
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851"
},
{
"url": "https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2"
},
{
"url": "https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f"
},
{
"url": "https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3"
},
{
"url": "https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35"
},
{
"url": "https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575"
},
{
"url": "https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2"
},
{
"name": "GLSA-202311-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-16"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-36980",
"datePublished": "2021-07-20T00:00:00.000Z",
"dateReserved": "2021-07-20T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:46:44.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35498 (GCVE-0-2020-35498)
Vulnerability from cvelistv5
Published
2021-02-11 00:00
Modified
2025-04-23 19:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | openvswitch |
Version: openvswitch 2.5.12, openvswitch 2.6.10, openvswitch 2.7.13, openvswitch 2.8.11, openvswitch 2.9.9, openvswitch 2.10.7, openvswitch 2.11.6, openvswitch 2.12.3, openvswitch 2.13.3, openvswitch 2.14.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:08.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908845"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/02/10/4"
},
{
"name": "DSA-4852",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4852"
},
{
"name": "[debian-lts-announce] 20210219 [SECURITY] [DLA 2571-1] openvswitch security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
},
{
"name": "FEDORA-2021-fba11d37ee",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/"
},
{
"name": "GLSA-202311-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-16"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-35498",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:27:22.375206Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:46:26.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openvswitch",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "openvswitch 2.5.12, openvswitch 2.6.10, openvswitch 2.7.13, openvswitch 2.8.11, openvswitch 2.9.9, openvswitch 2.10.7, openvswitch 2.11.6, openvswitch 2.12.3, openvswitch 2.13.3, openvswitch 2.14.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-26T11:06:21.498Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908845"
},
{
"url": "https://www.openwall.com/lists/oss-security/2021/02/10/4"
},
{
"name": "DSA-4852",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4852"
},
{
"name": "[debian-lts-announce] 20210219 [SECURITY] [DLA 2571-1] openvswitch security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
},
{
"name": "FEDORA-2021-fba11d37ee",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/"
},
{
"name": "GLSA-202311-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-16"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-35498",
"datePublished": "2021-02-11T00:00:00.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:46:26.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2074 (GCVE-0-2016-2074)
Vulnerability from cvelistv5
Published
2016-07-03 21:00
Modified
2024-08-05 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[ovs-announce] 20160328 CVE-2016-2074: MPLS buffer overflow vulnerabilities in Open vSwitch",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openvswitch.org/pipermail/announce/2016-March/000082.html"
},
{
"name": "RHSA-2016:0537",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0537.html"
},
{
"name": "RHSA-2016:0524",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0524.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318553"
},
{
"name": "DSA-3533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3533"
},
{
"name": "RHSA-2016:0615",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:0615"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-2074"
},
{
"name": "GLSA-201701-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-07"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX232655"
},
{
"name": "RHSA-2016:0523",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0523.html"
},
{
"name": "[ovs-announce] 20160328 Open vSwitch 2.4.1 and 2.3.3 Available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openvswitch.org/pipermail/announce/2016-March/000083.html"
},
{
"name": "85700",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/85700"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-22T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[ovs-announce] 20160328 CVE-2016-2074: MPLS buffer overflow vulnerabilities in Open vSwitch",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openvswitch.org/pipermail/announce/2016-March/000082.html"
},
{
"name": "RHSA-2016:0537",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0537.html"
},
{
"name": "RHSA-2016:0524",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0524.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318553"
},
{
"name": "DSA-3533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3533"
},
{
"name": "RHSA-2016:0615",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:0615"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-2074"
},
{
"name": "GLSA-201701-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-07"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX232655"
},
{
"name": "RHSA-2016:0523",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0523.html"
},
{
"name": "[ovs-announce] 20160328 Open vSwitch 2.4.1 and 2.3.3 Available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openvswitch.org/pipermail/announce/2016-March/000083.html"
},
{
"name": "85700",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/85700"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[ovs-announce] 20160328 CVE-2016-2074: MPLS buffer overflow vulnerabilities in Open vSwitch",
"refsource": "MLIST",
"url": "http://openvswitch.org/pipermail/announce/2016-March/000082.html"
},
{
"name": "RHSA-2016:0537",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0537.html"
},
{
"name": "RHSA-2016:0524",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0524.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1318553",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318553"
},
{
"name": "DSA-3533",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3533"
},
{
"name": "RHSA-2016:0615",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:0615"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2016-2074",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-2074"
},
{
"name": "GLSA-201701-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-07"
},
{
"name": "https://support.citrix.com/article/CTX232655",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX232655"
},
{
"name": "RHSA-2016:0523",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0523.html"
},
{
"name": "[ovs-announce] 20160328 Open vSwitch 2.4.1 and 2.3.3 Available",
"refsource": "MLIST",
"url": "http://openvswitch.org/pipermail/announce/2016-March/000083.html"
},
{
"name": "85700",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/85700"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2074",
"datePublished": "2016-07-03T21:00:00",
"dateReserved": "2016-01-26T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-05-29 04:29
Modified
2025-04-20 01:37
Severity ?
Summary
In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2418 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2553 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2648 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2665 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2692 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2698 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2727 | ||
| cve@mitre.org | https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332966.html | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2418 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2553 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2648 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2665 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2692 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2698 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2727 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332966.html | Mailing List, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openvswitch | openvswitch | 2.7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3C92CDE-F125-490D-9B70-AEAAA6947352",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch."
},
{
"lang": "es",
"value": "En Open vSwitch (OvS) versi\u00f3n 2.7.0, mientras se analiza un mensaje de estado de rol de OpenFlow, se llama a la funci\u00f3n abort() por motivos de estado de rol indefinido en la funci\u00f3n \u201cofp_print_role_status_message\u201d en la biblioteca \u201clib/ofp-print.c\u201d que puede ser aprovechada para un ataque de DoS remota mediante una interrupci\u00f3n maliciosa."
}
],
"id": "CVE-2017-9263",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-29T04:29:00.353",
"references": [
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:2418"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:2553"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:2648"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:2665"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:2692"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:2698"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:2727"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332966.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332966.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-10 22:15
Modified
2024-11-21 07:35
Severity ?
Summary
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://github.com/openvswitch/ovs/pull/405 | Patch, Third Party Advisory | |
| secalert@redhat.com | https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html | Mailing List, Patch, Vendor Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202311-16 | ||
| secalert@redhat.com | https://www.debian.org/security/2023/dsa-5319 | Third Party Advisory | |
| secalert@redhat.com | https://www.openwall.com/lists/oss-security/2022/12/21/4 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openvswitch/ovs/pull/405 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202311-16 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2023/dsa-5319 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2022/12/21/4 | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BFD6A72-E83A-46AB-88E9-6D0A5DC95094",
"versionEndExcluding": "2.13.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4634535-904C-4FEF-8175-9B2942756006",
"versionEndExcluding": "2.14.8",
"versionStartIncluding": "2.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42629A97-3DA9-4CB9-AA21-BAC4CF7B7D93",
"versionEndExcluding": "2.15.7",
"versionStartIncluding": "2.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2BA2C4-C818-4BE3-9ACD-6FBBA6C994CF",
"versionEndExcluding": "2.16.6",
"versionStartIncluding": "2.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F88C5B7-EA49-48DB-83C2-6BD30172DE7C",
"versionEndExcluding": "2.17.5",
"versionStartIncluding": "2.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B71BABA-4AE3-40BF-A073-06F0877E246A",
"versionEndExcluding": "3.0.3",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un desbordamiento de n\u00fameros enteros en el TLV espec\u00edfico de la organizaci\u00f3n en varias versiones de OpenvSwitch."
}
],
"id": "CVE-2022-4338",
"lastModified": "2024-11-21T07:35:05.063",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-10T22:15:14.007",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/pull/405"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/202311-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5319"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2022/12/21/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/pull/405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202311-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2022/12/21/4"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-19 16:29
Modified
2024-11-21 03:54
Severity ?
Summary
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3500 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:0053 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:0081 | Third Party Advisory | |
| cve@mitre.org | https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8 | Patch, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3873-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3500 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0053 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0081 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3873-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openvswitch | openvswitch | * | |
| redhat | openstack | 10 | |
| redhat | openstack | 13 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "682FD155-6A56-43D5-9953-852BB3AA0109",
"versionEndIncluding": "2.7.6",
"versionStartIncluding": "2.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
"matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*",
"matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Open vSwitch, en versiones 2.7.x hasta la 2.7.6. La funci\u00f3n decode_bundle dentro de lib/ofp-actions.c se ve afectada por un problema de sobrelectura de b\u00fafer durante la decodificaci\u00f3n de la acci\u00f3n BUNDLE."
}
],
"id": "CVE-2018-17206",
"lastModified": "2024-11-21T03:54:05.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-19T16:29:01.113",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3500"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0053"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0081"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3873-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3873-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-03 21:59
Modified
2025-04-12 10:46
Severity ?
Summary
Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://openvswitch.org/pipermail/announce/2016-March/000082.html | Vendor Advisory | |
| cve@mitre.org | http://openvswitch.org/pipermail/announce/2016-March/000083.html | Patch | |
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2016-0523.html | ||
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2016-0524.html | ||
| cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2016-0537.html | ||
| cve@mitre.org | http://www.debian.org/security/2016/dsa-3533 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/85700 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2016:0615 | ||
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1318553 | ||
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2016-2074 | ||
| cve@mitre.org | https://security.gentoo.org/glsa/201701-07 | ||
| cve@mitre.org | https://support.citrix.com/article/CTX232655 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openvswitch.org/pipermail/announce/2016-March/000082.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openvswitch.org/pipermail/announce/2016-March/000083.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-0523.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-0524.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-0537.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3533 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/85700 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:0615 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1318553 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2016-2074 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201701-07 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.citrix.com/article/CTX232655 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openvswitch | openvswitch | 2.2.0 | |
| openvswitch | openvswitch | 2.3.0 | |
| openvswitch | openvswitch | 2.3.1 | |
| openvswitch | openvswitch | 2.3.2 | |
| openvswitch | openvswitch | 2.4.0 | |
| redhat | openshift | 3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A796838-9780-419B-9EAD-2360626C4695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B37942A8-CBC2-4750-9299-E39076F1D6F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30BB36D5-5E72-40BC-8C38-1804F48E0D30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8D03F8D4-40DA-4B83-8C5A-571DF817081D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "166C64EF-1F33-4257-AA88-83B37C128B9D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "F8E35FAB-695F-44DA-945D-60B47C1F200B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en lib/flow.c en ovs-vswitchd en Open vSwitch 2.2.x y 2.3.x en versiones anteriores a 2.3.3 y 2.4.x en versiones anteriores a 2.4.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de paquetes MPLS manipulados, seg\u00fan lo demostrado por una cadena larga en un comando ovs-appctl."
}
],
"id": "CVE-2016-2074",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-03T21:59:10.837",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://openvswitch.org/pipermail/announce/2016-March/000082.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://openvswitch.org/pipermail/announce/2016-March/000083.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0523.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0524.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0537.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3533"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/85700"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:0615"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318553"
},
{
"source": "cve@mitre.org",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-2074"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201701-07"
},
{
"source": "cve@mitre.org",
"url": "https://support.citrix.com/article/CTX232655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://openvswitch.org/pipermail/announce/2016-March/000082.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openvswitch.org/pipermail/announce/2016-March/000083.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0523.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0524.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0537.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/85700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:0615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1318553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-2074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201701-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.citrix.com/article/CTX232655"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-29 04:29
Modified
2025-04-20 01:37
Severity ?
Summary
In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mail.openvswitch.org/pipermail/ovs-dev/2016-July/319503.html | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mail.openvswitch.org/pipermail/ovs-dev/2016-July/319503.html | Mailing List, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openvswitch | openvswitch | 2.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A511432-CD6A-4ADF-B99A-D6704065023F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch."
},
{
"lang": "es",
"value": "En Open vSwitch (OvS) versi\u00f3n 2.5.0, un paquete IP malformado puede hacer que el conmutador lea m\u00e1s all\u00e1 del final del b\u00fafer de paquetes debido a un desbordamiento de enteros sin signo en `lib/flow.c` en la funci\u00f3n` miniflow_extract`, permitiendo eludir la lista de control de acceso forzada por el conmutador."
}
],
"id": "CVE-2016-10377",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-29T04:29:00.243",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2016-July/319503.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2016-July/319503.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-18 17:15
Modified
2024-11-21 05:21
Severity ?
Summary
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1921438 | Issue Tracking, Mitigation, Patch, Third Party Advisory | |
| secalert@redhat.com | https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf | Patch, Third Party Advisory | |
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/ | ||
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/ | ||
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/ | ||
| secalert@redhat.com | https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html | Mailing List, Mitigation, Vendor Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202311-16 | ||
| secalert@redhat.com | https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1921438 | Issue Tracking, Mitigation, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html | Mailing List, Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202311-16 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lldpd_project | lldpd | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| redhat | openshift_container_platform | 4.0 | |
| redhat | openstack | 10 | |
| redhat | openstack | 13 | |
| redhat | virtualization | 4.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| fedoraproject | fedora | 33 | |
| siemens | simatic_hmi_unified_comfort_panels_firmware | * | |
| siemens | simatic_hmi_unified_comfort_panels | - | |
| siemens | simatic_net_cp_1243-1_firmware | - | |
| siemens | simatic_net_cp_1243-1 | - | |
| siemens | simatic_net_cp_1243-8_irc_firmware | - | |
| siemens | simatic_net_cp_1243-8_irc | - | |
| siemens | simatic_net_cp_1542sp-1_firmware | - | |
| siemens | simatic_net_cp_1542sp-1 | - | |
| siemens | simatic_net_cp_1542sp-1_irc_firmware | - | |
| siemens | simatic_net_cp_1542sp-1_irc | - | |
| siemens | simatic_net_cp_1543-1_firmware | - | |
| siemens | simatic_net_cp_1543-1 | - | |
| siemens | simatic_net_cp_1543sp-1_firmware | - | |
| siemens | simatic_net_cp_1543sp-1 | - | |
| siemens | simatic_net_cp_1545-1_firmware | - | |
| siemens | simatic_net_cp_1545-1 | - | |
| siemens | tim_1531_irc_firmware | * | |
| siemens | tim_1531_irc | - | |
| siemens | sinumerik_one_firmware | * | |
| siemens | sinumerik_one | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lldpd_project:lldpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60E35B97-6AAD-4F2D-88E7-D1B235D36E63",
"versionEndExcluding": "1.0.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7946D64-A914-4DC4-8AFA-E5A4C9415B87",
"versionEndExcluding": "2.6.9",
"versionStartIncluding": "2.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCBC3BDE-1CFE-4275-8F33-BC7D0ECD88BA",
"versionEndExcluding": "2.7.12",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F553884B-6DC9-4DBD-ADD6-B24B8A9FDFBA",
"versionEndExcluding": "2.8.10",
"versionStartIncluding": "2.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A42E11A-8575-40B1-8343-840783E17FD0",
"versionEndExcluding": "2.9.8",
"versionStartIncluding": "2.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92DE8269-BD35-46B7-B4D0-5C0B5C3B2BE5",
"versionEndExcluding": "2.10.6",
"versionStartIncluding": "2.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA97E08-3F7E-46CE-B03D-FD06307137A8",
"versionEndExcluding": "2.11.5",
"versionStartIncluding": "2.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F74931FC-4B61-4EAD-90CD-D095A9BC76B6",
"versionEndExcluding": "2.12.2",
"versionStartIncluding": "2.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AACFC3E-4242-4E9E-9AC2-B2E1C700DF0C",
"versionEndExcluding": "2.13.2",
"versionStartIncluding": "2.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E22360F8-FD09-4CED-8E62-46916AB17A12",
"versionEndExcluding": "2.14.1",
"versionStartIncluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
"matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*",
"matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_hmi_unified_comfort_panels_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAB60054-8FD0-45A4-B7DC-FFF061764B80",
"versionEndExcluding": "17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_hmi_unified_comfort_panels:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2921C017-7617-4789-9690-C81EAC4F469D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1243-1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "238D992C-6158-4E31-AE0A-7A9C54B51963",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1243-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65278BA0-3C81-4D81-9801-D7BE3A1D7680",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1243-8_irc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2009C1FA-96D5-413C-9161-0DB55F841088",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1243-8_irc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "350FD323-C876-4C7A-A2E7-4B0660C87F6C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F56E0C04-AEC3-45C8-93E7-FCA3B7F370F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1542sp-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0602DEEA-AE39-4A44-9D78-6623943DDCD6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_irc_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F7747CD-757E-4B36-8F23-7588183948A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1542sp-1_irc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1EE2F10-A7A6-486F-AE5C-53AE25BAF200",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1543-1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5A494F-2EAB-4647-9A45-5CB0C382E099",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1543-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F56C2BDC-928E-491A-8E7C-F976B3787C7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1543sp-1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98C894B9-C62A-4689-9DA4-D9A3795B8CE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1543sp-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "783B50B8-2FB7-4982-88AA-B4F2AD094796",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_1545-1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A46FF27-6B0D-4606-9D7B-45912556416F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_1545-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1256EB4B-DD8A-4F99-AE69-F74E8F789C63",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5B1898E-CB50-429B-9609-DC27C33C5C37",
"versionEndExcluding": "2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D94BEB-BBFB-4258-9835-87DBBB999239",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sinumerik_one_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "296D097F-C7D2-4D12-8621-E0D1CAE64FA1",
"versionEndExcluding": "2.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sinumerik_one:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE30FFDF-5494-400D-8F88-954A6B1503B9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en m\u00faltiples versiones de OpenvSwitch.\u0026#xa0;Los paquetes LLDP especialmente dise\u00f1ados pueden causar que una memoria se pierda cuando se asignan datos para manejar TLV opcionales espec\u00edficos, potencialmente causando una denegaci\u00f3n de servicio.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema"
}
],
"id": "CVE-2020-27827",
"lastModified": "2024-11-21T05:21:53.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-18T17:15:13.510",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921438"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Mitigation",
"Vendor Advisory"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/202311-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Mitigation",
"Vendor Advisory"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202311-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-22 13:15
Modified
2025-05-16 14:17
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-3966 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2178363 | Third Party Advisory | |
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/ | Mailing List | |
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2023-3966 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2178363 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/ | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/ | Mailing List |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openvswitch | openvswitch | * | |
| fedoraproject | fedora | 39 | |
| fedoraproject | fedora | 40 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9237AD53-749F-4A2B-9D35-EFF735E172D6",
"versionEndExcluding": "3.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en Open vSwitch donde varias versiones son vulnerables a paquetes Geneve manipulados, lo que puede resultar en una denegaci\u00f3n de servicio y accesos a memoria no v\u00e1lidos. Para desencadenar este problema es necesario que la descarga de hardware a trav\u00e9s de la ruta de enlace de red est\u00e9 habilitada."
}
],
"id": "CVE-2023-3966",
"lastModified": "2025-05-16T14:17:01.290",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-22T13:15:07.770",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3966"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178363"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-248"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-02 01:29
Modified
2025-04-20 01:37
Severity ?
Summary
In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table."
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html | Mailing List, Patch, Vendor Advisory | |
| cve@mitre.org | https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html | Mailing List, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openvswitch | openvswitch | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9C4206-5C67-41FD-BEF0-80EFBF9A18D2",
"versionEndIncluding": "2.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating \"it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table.\""
},
{
"lang": "es",
"value": "En lib/ofp-util.c en Open vSwitch (OvS) en versiones anteriores a 2.8.1, hay m\u00faltiples fugas de memoria al analizar sint\u00e1cticamente mensajes mod grupales OpenFlow malformados. NOTA: El proveedor discute la relevancia de este informe, diciendo que \"solo puede ser iniciado mediante un controlador OpenFlow, pero los controladores OpenFlow tienen formas mucho m\u00e1s directas y poderosas para forzar a Open vSwitch a asignar memoria, como insertando flujos en la tabla de flujo\"."
}
],
"id": "CVE-2017-14970",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-02T01:29:00.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-29 15:15
Modified
2024-11-21 06:39
Severity ?
Summary
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2022-0669 | Third Party Advisory | |
| secalert@redhat.com | https://bugs.dpdk.org/show_bug.cgi?id=922 | Patch, Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2055793 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227 | Patch, Third Party Advisory | |
| secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2022-0669 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2022-0669 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.dpdk.org/show_bug.cgi?id=922 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2055793 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2022-0669 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dpdk | data_plane_development_kit | * | |
| dpdk | data_plane_development_kit | 19.11 | |
| dpdk | data_plane_development_kit | 19.11 | |
| dpdk | data_plane_development_kit | 19.11 | |
| dpdk | data_plane_development_kit | 19.11 | |
| dpdk | data_plane_development_kit | 19.11 | |
| dpdk | data_plane_development_kit | 22.03 | |
| dpdk | data_plane_development_kit | 22.03 | |
| dpdk | data_plane_development_kit | 22.03 | |
| openvswitch | openvswitch | 2.13.0 | |
| openvswitch | openvswitch | 2.15.0 | |
| redhat | openshift_container_platform | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00189B34-1D41-4AE8-988A-65013F529ABA",
"versionEndExcluding": "22.03",
"versionStartIncluding": "20.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D54C8537-09ED-447B-A677-C1B31CD43BE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7D64C9BE-1254-4E55-A4B9-BE0059E4AC88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc2:*:*:*:*:*:*",
"matchCriteriaId": "98F76795-E087-4163-8803-2DFA0571F720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F057C6ED-3DC1-41AD-A982-3DBA9FFBDC83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc4:*:*:*:*:*:*",
"matchCriteriaId": "F65AF826-2336-48B7-A364-BEAC013CA4BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CB0AB20E-A20A-4087-B944-6A1B6E7E936B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4A0E6108-A040-4749-85A6-C1DA127F482A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc3:*:*:*:*:*:*",
"matchCriteriaId": "844676DA-EA6F-4DA7-8248-6AD0139CC919",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:2.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "905886CA-734C-4988-8882-664826DFFEC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:2.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B5C7BBB-D091-4A58-9316-AECF82506865",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service."
},
{
"lang": "es",
"value": "Se ha encontrado un fallo en dpdk. Este fallo permite a un vhost-user master malicioso adjuntar un n\u00famero inesperado de fds como datos auxiliares a los mensajes VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD que no son cerrados por el vhost-user slave. Al enviar dichos mensajes continuamente, el maestro vhost-user agota los fd disponibles en el proceso esclavo vhost-user, conllevando a una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2022-0669",
"lastModified": "2024-11-21T06:39:08.920",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-29T15:15:09.750",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-0669"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=922"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2022-0669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-0669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2022-0669"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-07 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683665 | ||
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/08/02/6 | ||
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/08/03/6 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/54789 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/54794 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=845350 | ||
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/77417 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683665 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/08/02/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/08/03/6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/54789 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/54794 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=845350 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/77417 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openvswitch | openvswitch | 1.4.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "165CADB6-1519-4A30-A879-A43FBB4E55D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files."
},
{
"lang": "es",
"value": "Open vSwitch v1.4.2 utiliza permisos world writable para (1) /var/lib/openvswitch/pki/controllerca/incoming/ y (2) /var/lib/openvswitch/pki/switchca/incoming/, lo que permite a usuarios locales eliminar y sobrescribir ficheros."
}
],
"id": "CVE-2012-3449",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-07T20:55:03.780",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683665"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/02/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/03/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/54789"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/54794"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=845350"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/02/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/03/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/54789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/54794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=845350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77417"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-19 15:15
Modified
2025-06-02 15:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openvswitch | openvswitch | 2.17.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:2.17.8:*:*:*:*:*:*:*",
"matchCriteriaId": "67FDBB4C-C2FE-47C6-A0A1-CDCAE3CA8846",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que openvswitch 2.17.8 conten\u00eda una p\u00e9rdida de memoria a trav\u00e9s de la funci\u00f3n xmalloc__ en openvswitch-2.17.8/lib/util.c."
}
],
"id": "CVE-2024-22563",
"lastModified": "2025-06-02T15:15:31.033",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-01-19T15:15:09.513",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/openvswitch/ovs-issues/issues/315"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/openvswitch/ovs-issues/issues/315"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/openvswitch/ovs-issues/issues/315"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-19 16:29
Modified
2024-11-21 03:54
Severity ?
Summary
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3500 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:0053 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:0081 | Third Party Advisory | |
| cve@mitre.org | https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6 | Exploit, Patch, Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3873-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3500 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0053 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0081 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3873-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openvswitch | openvswitch | * | |
| redhat | openstack | 10 | |
| redhat | openstack | 13 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "682FD155-6A56-43D5-9953-852BB3AA0109",
"versionEndIncluding": "2.7.6",
"versionStartIncluding": "2.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
"matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*",
"matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Open vSwitch (OvS) en versiones 2.7.x hasta la 2.7.6 que afecta a ofproto_rule_insert__ en ofproto/ofproto.c. Durante el commit bundle, los flujos que se a\u00f1aden a un bundle se aplican a ofproto en orden. Si un flujo no se puede a\u00f1adir (por ejemplo, la acci\u00f3n flow es un go-to para un ID de grupo que no existe), OvS intenta revertir todos los flujos anteriores cuando se aplican con \u00e9xito desde el mismo bundle. Esto es posible porque OvS mantiene una lista de flujos antiguos que se reemplazaron por flujos del bundle. Cuando se vuelve a insertar flujos antiguos, OvS tiene un fallo de aserci\u00f3n debido a una comprobaci\u00f3n en la declaraci\u00f3n de regla != RULE_INITIALIZED. Esto funcionar\u00eda para los nuevos flujos, pero para un flujo antiguo, la sentencia es RULE_REMOVED. El fallo de aserci\u00f3n provoca el cierre inesperado de OvS."
}
],
"id": "CVE-2018-17205",
"lastModified": "2024-11-21T03:54:05.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-19T16:29:01.003",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3500"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0053"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0081"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3873-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3873-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-08 23:15
Modified
2024-11-21 04:39
Severity ?
Summary
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://arxiv.org/abs/2011.09107 | Third Party Advisory | |
| cve@mitre.org | https://dl.acm.org/citation.cfm?doid=3359989.3365431 | Third Party Advisory | |
| cve@mitre.org | https://sites.google.com/view/tuple-space-explosion | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.youtube.com/watch?v=5cHpzVK0D28 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.youtube.com/watch?v=DSC3m-Bww64 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://arxiv.org/abs/2011.09107 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://dl.acm.org/citation.cfm?doid=3359989.3365431 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sites.google.com/view/tuple-space-explosion | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.youtube.com/watch?v=5cHpzVK0D28 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.youtube.com/watch?v=DSC3m-Bww64 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A15106-F7C3-4037-A6CE-2F84AC0F475B",
"versionEndIncluding": "2.17.2",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "678E9EE4-E0F3-42BA-BE52-44C09115EA9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack."
},
{
"lang": "es",
"value": "El algoritmo TSS (Tuple Space Search) en Open vSwitch versiones 2.x hasta 2.17.2 y 3.0.0, permite a atacantes remotos causar una denegaci\u00f3n de servicio (retrasos del tr\u00e1fico leg\u00edtimo) por medio de datos de paquetes dise\u00f1ados que requieren un tiempo de evaluaci\u00f3n excesivo dentro del algoritmo de clasificaci\u00f3n de paquetes para la cach\u00e9 de MegaFlow, tambi\u00e9n se conoce como ataque Tuple Space Explosion (TSE)"
}
],
"id": "CVE-2019-25076",
"lastModified": "2024-11-21T04:39:53.700",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-08T23:15:10.447",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://arxiv.org/abs/2011.09107"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://dl.acm.org/citation.cfm?doid=3359989.3365431"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sites.google.com/view/tuple-space-explosion"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=5cHpzVK0D28"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=DSC3m-Bww64"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://arxiv.org/abs/2011.09107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://dl.acm.org/citation.cfm?doid=3359989.3365431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sites.google.com/view/tuple-space-explosion"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=5cHpzVK0D28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=DSC3m-Bww64"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-06 18:15
Modified
2024-11-21 08:41
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2024/02/08/4 | ||
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-5366 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2006347 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2024/02/msg00004.html | ||
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/ | ||
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/02/08/4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2023-5366 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2006347 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/02/msg00004.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openvswitch | openvswitch | * | |
| redhat | openshift_container_platform | 4.0 | |
| redhat | virtualization | 4.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | fast_datapath | - | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29766552-B5EB-4F13-8317-92D8F385DF19",
"versionEndExcluding": "2023-02-28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:fast_datapath:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A63D05D-BFAF-484B-BA49-5F5E399CDA02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en Open vSwitch que permite que los paquetes de anuncios de vecinos ICMPv6 entre m\u00e1quinas virtuales omitan las reglas de OpenFlow. Este problema puede permitir que un atacante local cree paquetes especialmente manipulados con un campo de direcci\u00f3n IP de destino modificado o falsificado que puede redirigir el tr\u00e1fico ICMPv6 a direcciones IP arbitrarias."
}
],
"id": "CVE-2023-5366",
"lastModified": "2024-11-21T08:41:37.093",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-06T18:15:12.520",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2024/02/08/4"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5366"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006347"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00004.html"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2024/02/08/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-19 16:29
Modified
2024-11-21 03:54
Severity ?
Summary
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3500 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:0053 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:0081 | Third Party Advisory | |
| cve@mitre.org | https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde | Patch, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3873-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3500 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0053 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0081 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3873-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openvswitch | openvswitch | * | |
| redhat | openstack | 10 | |
| redhat | openstack | 13 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "682FD155-6A56-43D5-9953-852BB3AA0109",
"versionEndIncluding": "2.7.6",
"versionStartIncluding": "2.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
"matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*",
"matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Open vSwitch (OvS) en versiones 2.7.x hasta la 2.7.6 que afecta a parse_group_prop_ntr_selection_method en lib/ofp-util.c. Cuando se descodifica un mod de grupo, valida el tipo de grupo y comando despu\u00e9s de que todo el mod de grupo se haya descodificado. Sin embargo, el decodificador OF1.5 intenta utilizar el tipo y comando antes, cuando puede ser todav\u00eda no v\u00e1lido. Esto provoca un fallo de aserci\u00f3n (mediante OVS_NOT_REACHED). ovs-vswitchd tiene deshabilitado el soporte para OpenFlow 1.5 por defecto."
}
],
"id": "CVE-2018-17204",
"lastModified": "2024-11-21T03:54:05.327",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-19T16:29:00.897",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3500"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0053"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0081"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3873-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3873-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-23 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2418 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2553 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2648 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2665 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2692 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2698 | Third Party Advisory | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2727 | Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2418 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2553 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2648 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2665 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2692 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2698 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2727 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html | Mailing List, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openvswitch | openvswitch | 2.7.0 | |
| debian | debian_linux | 9.0 | |
| redhat | openstack | 6.0 | |
| redhat | openstack | 7.0 | |
| redhat | openstack | 8 | |
| redhat | openstack | 9 | |
| redhat | openstack | 10 | |
| redhat | openstack | 11 | |
| redhat | virtualization | 4.1 | |
| redhat | virtualization_manager | 4.1 | |
| redhat | virtualization | 4.0 | |
| redhat | enterprise_linux | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3C92CDE-F125-490D-9B70-AEAAA6947352",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B8C725-34CF-4340-BE7B-37E58CF706D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*",
"matchCriteriaId": "F40C26BE-56CB-4022-A1D8-3CA0A8F87F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
"matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9AF77C-5D49-4842-9817-AD710A919073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03EB0F63-DB24-4240-BC44-C92BAE7EAF42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization_manager:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF786B57-02C3-48B7-B902-318356B3A3B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`."
},
{
"lang": "es",
"value": "En Open vSwitch (OvS) versi\u00f3n 2.7.0, mientras analiza un mensaje OFPT_QUEUE_GET_CONFIG_REPLY tipo OFP versi\u00f3n 1.0, se presenta una lectura excesiva b\u00fafer causada por un desbordamiento de enteros sin signo en la funci\u00f3n \u201cofputil_pull_queue_get_config_reply10\u201d en la biblioteca \u201clib/ofp-util.c\u201d."
}
],
"id": "CVE-2017-9214",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-23T17:29:00.257",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2418"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2553"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2648"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2665"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2692"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2698"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2727"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-20 07:15
Modified
2025-05-05 17:17
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml | Third Party Advisory | |
| cve@mitre.org | https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2 | Patch, Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/202311-16 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202311-16 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openvswitch | openvswitch | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6B7EDA-B9B0-4DC6-B474-3545482D6052",
"versionEndIncluding": "2.15.0",
"versionStartIncluding": "2.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action."
},
{
"lang": "es",
"value": "Open vSwitch (tambi\u00e9n se conoce como openvswitch) versiones 2.11.0 hasta 2.15.0, presenta un uso de la memoria previamente liberada en la funci\u00f3n decode_NXAST_RAW_ENCAP (llamado desde ofpact_decode y ofpacts_decode) durante la decodificaci\u00f3n de una acci\u00f3n RAW_ENCAP"
}
],
"id": "CVE-2021-36980",
"lastModified": "2025-05-05T17:17:25.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2021-07-20T07:15:08.113",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202311-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202311-16"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-29 04:29
Modified
2025-04-20 01:37
Severity ?
Summary
In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2418 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2648 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2727 | ||
| cve@mitre.org | https://mail.openvswitch.org/pipermail/ovs-dev/2017-March/329323.html | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2418 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2648 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2727 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://mail.openvswitch.org/pipermail/ovs-dev/2017-March/329323.html | Mailing List, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openvswitch | openvswitch | 2.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6701F4D-8561-496B-8AEC-B23A149EC675",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely."
},
{
"lang": "es",
"value": "En la biblioteca lib/conntrack.c en la implementaci\u00f3n del firewall en Open vSwitch (OvS) versi\u00f3n 2.6.1, se presenta una lectura excesiva del b\u00fafer mientras se analizan los paquetes TCP, UDP e IPv6 malformados en las funciones \u201cextract_l3_ipv6\u201d, \u201cextract_l4_tcp\u201d y \u201cextract_l4_udp\u201d que pueden ser activadas remotamente."
}
],
"id": "CVE-2017-9264",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-29T04:29:00.400",
"references": [
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:2418"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:2648"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:2727"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-March/329323.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-March/329323.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-10 22:15
Modified
2024-11-21 07:35
Severity ?
Summary
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://github.com/openvswitch/ovs/pull/405 | Patch, Third Party Advisory | |
| secalert@redhat.com | https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html | Mailing List, Patch, Vendor Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202311-16 | ||
| secalert@redhat.com | https://www.debian.org/security/2023/dsa-5319 | Third Party Advisory | |
| secalert@redhat.com | https://www.openwall.com/lists/oss-security/2022/12/21/4 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openvswitch/ovs/pull/405 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202311-16 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2023/dsa-5319 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2022/12/21/4 | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BFD6A72-E83A-46AB-88E9-6D0A5DC95094",
"versionEndExcluding": "2.13.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4634535-904C-4FEF-8175-9B2942756006",
"versionEndExcluding": "2.14.8",
"versionStartIncluding": "2.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42629A97-3DA9-4CB9-AA21-BAC4CF7B7D93",
"versionEndExcluding": "2.15.7",
"versionStartIncluding": "2.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2BA2C4-C818-4BE3-9ACD-6FBBA6C994CF",
"versionEndExcluding": "2.16.6",
"versionStartIncluding": "2.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F88C5B7-EA49-48DB-83C2-6BD30172DE7C",
"versionEndExcluding": "2.17.5",
"versionStartIncluding": "2.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B71BABA-4AE3-40BF-A073-06F0877E246A",
"versionEndExcluding": "3.0.3",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una lectura fuera de los l\u00edmites en TLV espec\u00edfico de la organizaci\u00f3n en varias versiones de OpenvSwitch."
}
],
"id": "CVE-2022-4337",
"lastModified": "2024-11-21T07:35:04.923",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-10T22:15:13.933",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/pull/405"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/202311-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5319"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2022/12/21/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/pull/405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202311-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2022/12/21/4"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-11 18:15
Modified
2025-04-23 20:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1908845 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/ | ||
| secalert@redhat.com | https://security.gentoo.org/glsa/202311-16 | ||
| secalert@redhat.com | https://www.debian.org/security/2021/dsa-4852 | Third Party Advisory | |
| secalert@redhat.com | https://www.openwall.com/lists/oss-security/2021/02/10/4 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1908845 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202311-16 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2021/dsa-4852 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2021/02/10/4 | Mailing List, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| openvswitch | openvswitch | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 33 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4AAAA44-4650-4BE6-B705-767720A51BFA",
"versionEndExcluding": "2.5.12",
"versionStartIncluding": "2.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E78C71DF-5303-4887-A958-AA8974559F4B",
"versionEndExcluding": "2.6.10",
"versionStartIncluding": "2.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F43F9591-492D-42E1-B241-86A19538348C",
"versionEndExcluding": "2.7.13",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D17633D-6F1B-4482-98D0-F4D87F7E79F1",
"versionEndExcluding": "2.8.11",
"versionStartIncluding": "2.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9E06B0-A849-40E0-BA5E-4B94D51E34AC",
"versionEndExcluding": "2.9.9",
"versionStartIncluding": "2.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D812F1-C079-45D5-BB34-2599993B9E15",
"versionEndExcluding": "2.10.7",
"versionStartIncluding": "2.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B7DFA70-32AD-4739-9020-C32C22A2677E",
"versionEndExcluding": "2.11.6",
"versionStartIncluding": "2.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6189A6A-85C4-469E-A1CA-8506ADD26CF6",
"versionEndExcluding": "2.12.3",
"versionStartIncluding": "2.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62204DE2-CD28-46B5-AE9A-42F2ADB9CC65",
"versionEndExcluding": "2.13.3",
"versionStartIncluding": "2.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "170C778E-64B7-484A-9497-9BF6C137B364",
"versionEndExcluding": "2.14.2",
"versionStartIncluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en openvswitch.\u0026#xa0;Una limitaci\u00f3n en la implementaci\u00f3n del an\u00e1lisis de paquetes del espacio de usuario puede permitir a un usuario malicioso env\u00ede un paquete especialmente dise\u00f1ado, lo que hace que el megaflujo resultante en el kernel sea demasiado amplio, causando potencialmente una denegaci\u00f3n de servicio.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema"
}
],
"id": "CVE-2020-35498",
"lastModified": "2025-04-23T20:15:20.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2021-02-11T18:15:15.677",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908845"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/202311-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4852"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2021/02/10/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202311-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2021/02/10/4"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-29 04:29
Modified
2025-04-20 01:37
Severity ?
Summary
In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2418 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2553 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2648 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2665 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2692 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2698 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2017:2727 | ||
| cve@mitre.org | https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332965.html | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2418 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2553 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2648 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2665 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2692 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2698 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2727 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332965.html | Mailing List, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openvswitch | openvswitch | 2.7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3C92CDE-F125-490D-9B70-AEAAA6947352",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`."
},
{
"lang": "es",
"value": "En Open vSwitch (OvS) versi\u00f3n 2.7.0, se presenta una lectura excesiva del b\u00fafer mientras se analiza el mensaje group mod OpenFlow enviado desde el controlador en la biblioteca \u201clib/ofp-util.c\u201d en la funci\u00f3n \u201cofputil_pull_ofp15_group_mod\u201d."
}
],
"id": "CVE-2017-9265",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-29T04:29:00.430",
"references": [
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:2418"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:2553"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:2648"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:2665"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:2692"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:2698"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:2727"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332965.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:2727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332965.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-23 16:15
Modified
2024-11-21 06:22
Severity ?
Summary
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2021-3905 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2019692 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://github.com/openvswitch/ovs-issues/issues/226 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349 | Patch, Third Party Advisory | |
| secalert@redhat.com | https://security.gentoo.org/glsa/202311-16 | ||
| secalert@redhat.com | https://ubuntu.com/security/CVE-2021-3905 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2021-3905 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2019692 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openvswitch/ovs-issues/issues/226 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202311-16 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://ubuntu.com/security/CVE-2021-3905 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openvswitch | openvswitch | * | |
| redhat | enterprise_linux_fast_datapath | 7.0 | |
| redhat | enterprise_linux_fast_datapath | 8.0 | |
| canonical | ubuntu_linux | 21.10 | |
| fedoraproject | fedora | 35 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59369EE4-B970-4222-AA4E-276928B1016B",
"versionEndExcluding": "2.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "559A4609-EC7E-40CD-9165-5DA68CBCEE9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:enterprise_linux_fast_datapath:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAE5723C-165D-4427-A8DF-82662A2E7A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE4D2D0-CEEB-416F-8BC5-A7987DF56190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments."
},
{
"lang": "es",
"value": "Se ha encontrado una p\u00e9rdida de memoria en Open vSwitch (OVS) durante el procesamiento de la fragmentaci\u00f3n IP en el espacio de usuario. Un atacante podr\u00eda usar este fallo para agotar potencialmente la memoria disponible al seguir enviando fragmentos de paquetes."
}
],
"id": "CVE-2021-3905",
"lastModified": "2024-11-21T06:22:44.723",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-23T16:15:10.177",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3905"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019692"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs-issues/issues/226"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/202311-16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/CVE-2021-3905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs-issues/issues/226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202311-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/CVE-2021-3905"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}