rpm package
suse/openvswitch&distro=SUSE Linux Enterprise Server 12 SP5
pkg:rpm/suse/openvswitch&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-22563 | — | < 2.11.5-3.21.1 | 2.11.5-3.21.1 | Jan 19, 2024 | openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. | ||
| CVE-2023-1668 | — | < 2.11.5-3.18.2 | 2.11.5-3.18.2 | Apr 10, 2023 | A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols | ||
| CVE-2022-4338 | — | < 2.11.5-3.15.1 | 2.11.5-3.15.1 | Jan 10, 2023 | An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. | ||
| CVE-2022-4337 | — | < 2.11.5-3.15.1 | 2.11.5-3.15.1 | Jan 10, 2023 | An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. | ||
| CVE-2022-32166 | — | < 2.11.5-3.12.1 | 2.11.5-3.12.1 | Sep 28, 2022 | In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remo | ||
| CVE-2021-36980 | — | < 2.11.5-3.6.1 | 2.11.5-3.6.1 | Jul 20, 2021 | Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. | ||
| CVE-2020-27827 | — | < 2.11.5-3.3.2 | 2.11.5-3.3.2 | Mar 18, 2021 | A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. | ||
| CVE-2020-35498 | — | < 2.11.5-3.9.1 | 2.11.5-3.9.1 | Feb 11, 2021 | A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest |
- CVE-2024-22563Jan 19, 2024affected < 2.11.5-3.21.1fixed 2.11.5-3.21.1
openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.
- CVE-2023-1668Apr 10, 2023affected < 2.11.5-3.18.2fixed 2.11.5-3.18.2
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols
- CVE-2022-4338Jan 10, 2023affected < 2.11.5-3.15.1fixed 2.11.5-3.15.1
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
- CVE-2022-4337Jan 10, 2023affected < 2.11.5-3.15.1fixed 2.11.5-3.15.1
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
- CVE-2022-32166Sep 28, 2022affected < 2.11.5-3.12.1fixed 2.11.5-3.12.1
In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remo
- CVE-2021-36980Jul 20, 2021affected < 2.11.5-3.6.1fixed 2.11.5-3.6.1
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.
- CVE-2020-27827Mar 18, 2021affected < 2.11.5-3.3.2fixed 2.11.5-3.3.2
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
- CVE-2020-35498Feb 11, 2021affected < 2.11.5-3.9.1fixed 2.11.5-3.9.1
A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest