Medium severity4.3NVD Advisory· Published Sep 19, 2018· Updated Jun 17, 2026
CVE-2018-17204
CVE-2018-17204
Description
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <=2.7.6
- osv-coords2 versionspkg:rpm/suse/openvswitch&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/openvswitch&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
< 2.7.6-3.23.1+ 1 more
- (no CPE)range: < 2.7.6-3.23.1
- (no CPE)range: < 2.7.6-3.23.1
Patches
Vulnerability mechanics
References
6- github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cdenvdPatchThird Party Advisory
- access.redhat.com/errata/RHSA-2018:3500nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2019:0053nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2019:0081nvdThird Party Advisory
- lists.debian.org/debian-lts-announce/2021/02/msg00032.htmlnvdMailing ListThird Party Advisory
- usn.ubuntu.com/3873-1/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.