CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2020-35498 – openvswitch: limitation in the OVS packet parsing in userspace leads to DoS
https://notcve.org/view.php?id=CVE-2020-35498
A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. Se encontró una vulnerabilidad en openvswitch. Una limitación en la implementación del análisis de paquetes del espacio de usuario puede permitir a un usuario malicioso envíe un paquete especialmente diseñado, lo que hace que el megaflujo resultante en el kernel sea demasiado amplio, causando potencialmente una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=1908845 https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJ4DXFJWMZ325ECZXPZOSK7BOEDJZHPR https://security.gentoo.org/glsa/202311-16 https://www.debian.org/security/2021/dsa-4852 https://www.openwall.com/lists/oss-security/2021/02/10/4 https://access.redhat.com/security/cve/CVE-2020-35498 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 37EXPL: 0CVE-2020-27827 – lldp/openvswitch: denial of service via externally triggered memory leak
https://notcve.org/view.php?id=CVE-2020-27827
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo en múltiples versiones de OpenvSwitch. Los paquetes LLDP especialmente diseñados pueden causar que una memoria se pierda cuando se asignan datos para manejar TLV opcionales específicos, potencialmente causando una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=1921438 https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D https://mail.openvswitch.org/pipermail/ovs-dev/2021&# • CWE-400: Uncontrolled Resource Consumption •