Page 2 of 8 results (0.010 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. Open vSwitch (también se conoce como openvswitch) versiones 2.11.0 hasta 2.15.0, presenta un uso de la memoria previamente liberada en la función decode_NXAST_RAW_ENCAP (llamado desde ofpact_decode y ofpacts_decode) durante la decodificación de una acción RAW_ENCAP Open vSwitch (aka openvswitch) has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3 https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35 https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2 https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0

A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. Se encontró una vulnerabilidad en openvswitch. Una limitación en la implementación del análisis de paquetes del espacio de usuario puede permitir a un usuario malicioso envíe un paquete especialmente diseñado, lo que hace que el megaflujo resultante en el kernel sea demasiado amplio, causando potencialmente una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=1908845 https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR https://security.gentoo.org/glsa/202311-16 https://www.debian.org/security/2021/dsa-4852 https://www.openwall.com/lists/oss-security/2021/02/10/4 https://access.redhat.com/security/cve/CVE-2020-35498 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 0%CPEs: 37EXPL: 0

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo en múltiples versiones de OpenvSwitch. Los paquetes LLDP especialmente diseñados pueden causar que una memoria se pierda cuando se asignan datos para manejar TLV opcionales específicos, potencialmente causando una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=1921438 https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D https://mail.openvswitch.org/pipermail/ovs-dev/2021&# • CWE-400: Uncontrolled Resource Consumption •