CVSS: 4.3EPSS: 1%CPEs: 6EXPL: 0CVE-2018-17204 – openvswitch: Mishandle of group mods in lib/ofp-util.c:parse_group_prop_ntr_selection_method() allows for assertion failure
https://notcve.org/view.php?id=CVE-2018-17204
19 Sep 2018 — An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default. Se ha descubierto un problema en Open vSwi... • https://access.redhat.com/errata/RHSA-2018:3500 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-17205 – openvswitch: Error during bundle commit in ofproto/ofproto.c:ofproto_rule_insert__() allows for crash
https://notcve.org/view.php?id=CVE-2018-17205
19 Sep 2018 — An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While rei... • https://access.redhat.com/errata/RHSA-2018:3500 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 4.9EPSS: 2%CPEs: 6EXPL: 0CVE-2018-17206 – openvswitch: Buffer over-read in lib/ofp-actions.c:decode_bundle()
https://notcve.org/view.php?id=CVE-2018-17206
19 Sep 2018 — An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding. Se ha descubierto un problema en Open vSwitch, en versiones 2.7.x hasta la 2.7.6. La función decode_bundle dentro de lib/ofp-actions.c se ve afectada por un problema de sobrelectura de búfer durante la decodificación de la acción BUNDLE. An issue was discovered in Open vSwitch (OvS) 2.5.x through 2.5.5, 2.6.x through 2.6... • https://access.redhat.com/errata/RHSA-2018:3500 • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14970
https://notcve.org/view.php?id=CVE-2017-14970
01 Oct 2017 — In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table." En lib/ofp-util.c en Open vSwitch (OvS) en versiones anteriores a 2.8.1, hay múltiples fugas de memo... • https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10377
https://notcve.org/view.php?id=CVE-2016-10377
29 May 2017 — In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch. En Open vSwitch (OvS) versión 2.5.0, un paquete IP malformado puede hacer que el conmutador lea más allá del final del búfer de paquetes debido a un desbordamiento de enteros sin signo en `lib/flow.c` en la función` miniflow_extract`... • https://mail.openvswitch.org/pipermail/ovs-dev/2016-July/319503.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9263 – openvswitch: Invalid processing of a malicious OpenFlow role status message
https://notcve.org/view.php?id=CVE-2017-9263
29 May 2017 — In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch. En Open vSwitch (OvS) versión 2.7.0, mientras se analiza un mensaje de estado de rol de OpenFlow, se llama a la función abort() por motivos de estado de rol indefinido en la función “ofp_print_role_status_message” en la b... • https://access.redhat.com/errata/RHSA-2017:2418 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9265 – openvswitch: Buffer over-read while parsing the group mod OpenFlow message
https://notcve.org/view.php?id=CVE-2017-9265
29 May 2017 — In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`. En Open vSwitch (OvS) versión 2.7.0, se presenta una lectura excesiva del búfer mientras se analiza el mensaje group mod OpenFlow enviado desde el controlador en la biblioteca “lib/ofp-util.c” en la función “ofputil_pull_ofp15_group_mod”. A buffer over-read issue was found in Open vSwitch (OvS) which emerged while ... • https://access.redhat.com/errata/RHSA-2017:2418 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9264 – openvswitch: Buffer over-read while parsing malformed TCP, UDP and IPv6 packets
https://notcve.org/view.php?id=CVE-2017-9264
29 May 2017 — In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely. En la biblioteca lib/conntrack.c en la implementación del firewall en Open vSwitch (OvS) versión 2.6.1, se presenta una lectura excesiva del búfer mientras se analizan los paquetes TCP, UDP e IPv6 malformados en las funciones “extract_l3_ipv6”, “e... • https://access.redhat.com/errata/RHSA-2017:2418 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 5%CPEs: 12EXPL: 0CVE-2017-9214 – openvswitch: Integer underflow in the ofputil_pull_queue_get_config_reply10 function
https://notcve.org/view.php?id=CVE-2017-9214
23 May 2017 — In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. En Open vSwitch (OvS) versión 2.7.0, mientras analiza un mensaje OFPT_QUEUE_GET_CONFIG_REPLY tipo OFP versión 1.0, se presenta una lectura excesiva búfer causada por un desbordamiento de enteros sin signo en la función “ofputil_pull_queue_get_config_reply10” en l... • https://access.redhat.com/errata/RHSA-2017:2418 • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.8EPSS: 8%CPEs: 6EXPL: 0CVE-2016-2074 – openvswitch: MPLS buffer overflow vulnerability
https://notcve.org/view.php?id=CVE-2016-2074
29 Mar 2016 — Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command. Desbordamiento de buffer en lib/flow.c en ovs-vswitchd en Open vSwitch 2.2.x y 2.3.x en versiones anteriores a 2.3.3 y 2.4.x en versiones anteriores a 2.4.1 permite a atacantes remotos ejecutar código arbitrario a través de paquetes MPLS manipulados, según lo dem... • http://openvswitch.org/pipermail/announce/2016-March/000082.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •