CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2021-3905
https://notcve.org/view.php?id=CVE-2021-3905
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments. Se ha encontrado una pérdida de memoria en Open vSwitch (OVS) durante el procesamiento de la fragmentación IP en el espacio de usuario. Un atacante podría usar este fallo para agotar potencialmente la memoria disponible al seguir enviando fragmentos de paquetes. • https://access.redhat.com/security/cve/CVE-2021-3905 https://bugzilla.redhat.com/show_bug.cgi?id=2019692 https://github.com/openvswitch/ovs-issues/issues/226 https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349 https://security.gentoo.org/glsa/202311-16 https://ubuntu.com/security/CVE-2021-3905 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36980 – openvswitch: use-after-free in decode_NXAST_RAW_ENCAP during the decoding of a RAW_ENCAP action
https://notcve.org/view.php?id=CVE-2021-36980
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. Open vSwitch (también se conoce como openvswitch) versiones 2.11.0 hasta 2.15.0, presenta un uso de la memoria previamente liberada en la función decode_NXAST_RAW_ENCAP (llamado desde ofpact_decode y ofpacts_decode) durante la decodificación de una acción RAW_ENCAP Open vSwitch (aka openvswitch) has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3 https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35 https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2 https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6 • CWE-416: Use After Free •