VYPR

rpm package

suse/openvswitch&distro=SUSE OpenStack Cloud 6

pkg:rpm/suse/openvswitch&distro=SUSE%20OpenStack%20Cloud%206

Vulnerabilities (4)

  • CVE-2017-14970MedOct 2, 2017
    affected < 2.5.1-6.4.7fixed 2.5.1-6.4.7

    In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers

  • CVE-2017-9265CriMay 29, 2017
    affected < 2.5.1-6.4.7fixed 2.5.1-6.4.7

    In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.

  • CVE-2017-9263MedMay 29, 2017
    affected < 2.5.1-6.4.7fixed 2.5.1-6.4.7

    In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicio

  • CVE-2017-9214CriMay 23, 2017
    affected < 2.5.1-6.4.7fixed 2.5.1-6.4.7

    In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.