rpm package
suse/openvswitch&distro=SUSE OpenStack Cloud 6
pkg:rpm/suse/openvswitch&distro=SUSE%20OpenStack%20Cloud%206
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-14970 | Med | 5.9 | | < 2.5.1-6.4.7 | 2.5.1-6.4.7 | Oct 2, 2017 | In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers |
| CVE-2017-9265 | Cri | 9.8 | | < 2.5.1-6.4.7 | 2.5.1-6.4.7 | May 29, 2017 | In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`. |
| CVE-2017-9263 | Med | 6.5 | | < 2.5.1-6.4.7 | 2.5.1-6.4.7 | May 29, 2017 | In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicio |
| CVE-2017-9214 | Cri | 9.8 | | < 2.5.1-6.4.7 | 2.5.1-6.4.7 | May 23, 2017 | In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. |