CVE-2017-14970
https://notcve.org/view.php?id=CVE-2017-14970
In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table."
References:
https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html
https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html
CWE-772: Missing Release of Resource after Effective Lifetime
CVE-2016-2074 – openvswitch: MPLS buffer overflow vulnerability
https://notcve.org/view.php?id=CVE-2016-2074
Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.
A buffer overflow flaw was discovered in the OVS processing of MPLS labels. A remote attacker able to deliver a frame containing a malicious MPLS label that would be processed by OVS could trigger the flaw and use the resulting memory corruption to cause a denial of service (DoS) or, possibly, execute arbitrary code.
References:
http://openvswitch.org/pipermail/announce/2016-March/000082.html
http://openvswitch.org/pipermail/announce/2016-March/000083.html
http://rhn.redhat.com/errata/RHSA-2016-0523.html
http://rhn.redhat.com/errata/RHSA-2016-0524.html
http://rhn.redhat.com/errata/RHSA-2016-0537.html
http://www.debian.org/security/2016/dsa-3533
http://www.securityfocus.com/bid/85700
https://access.redhat.com/errata/RHSA-2016:0615
https://bugzilla.redhat.com/show_bug.cgi?id=1318553
https://s
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-121: Stack-based Buffer Overflow