rpm package
suse/openvswitch&distro=SUSE Linux Enterprise Server 12 SP3
pkg:rpm/suse/openvswitch&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-17206 | — | < 2.7.6-3.23.1 | 2.7.6-3.23.1 | Sep 19, 2018 | An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding. | ||
| CVE-2018-17205 | — | < 2.7.6-3.23.1 | 2.7.6-3.23.1 | Sep 19, 2018 | An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group | ||
| CVE-2018-17204 | — | < 2.7.6-3.23.1 | 2.7.6-3.23.1 | Sep 19, 2018 | An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries t | ||
| CVE-2017-14970 | Med | 5.9 | < 2.7.0-3.10.1 | 2.7.0-3.10.1 | Oct 2, 2017 | In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers | |
| CVE-2017-9265 | Cri | 9.8 | < 2.7.0-3.3.1 | 2.7.0-3.3.1 | May 29, 2017 | In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`. | |
| CVE-2017-9263 | Med | 6.5 | < 2.7.0-3.3.1 | 2.7.0-3.3.1 | May 29, 2017 | In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicio |
- CVE-2018-17206Sep 19, 2018affected < 2.7.6-3.23.1fixed 2.7.6-3.23.1
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.
- CVE-2018-17205Sep 19, 2018affected < 2.7.6-3.23.1fixed 2.7.6-3.23.1
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group
- CVE-2018-17204Sep 19, 2018affected < 2.7.6-3.23.1fixed 2.7.6-3.23.1
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries t
- affected < 2.7.0-3.10.1fixed 2.7.0-3.10.1
In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers
- affected < 2.7.0-3.3.1fixed 2.7.0-3.3.1
In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.
- affected < 2.7.0-3.3.1fixed 2.7.0-3.3.1
In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicio