CVE-2017-9264 – openvswitch: Buffer over-read while parsing malformed TCP, UDP and IPv6 packets
https://notcve.org/view.php?id=CVE-2017-9264
In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely. En la biblioteca lib/conntrack.c en la implementación del firewall en Open vSwitch (OvS) versión 2.6.1, se presenta una lectura excesiva del búfer mientras se analizan los paquetes TCP, UDP e IPv6 malformados en las funciones “extract_l3_ipv6”, “extract_l4_tcp” y “extract_l4_udp” que pueden ser activadas remotamente. A buffer over-read was found in the Open vSwitch (OvS) firewall implementation. This flaw can be triggered by parsing a specially crafted TCP, UDP, or IPv6 packet. A remote attack could use this flaw to cause a Denial of Service (DoS). • https://access.redhat.com/errata/RHSA-2017:2418 https://access.redhat.com/errata/RHSA-2017:2648 https://access.redhat.com/errata/RHSA-2017:2727 https://mail.openvswitch.org/pipermail/ovs-dev/2017-March/329323.html https://access.redhat.com/security/cve/CVE-2017-9264 https://bugzilla.redhat.com/show_bug.cgi?id=1457329 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVE-2017-9265 – openvswitch: Buffer over-read while parsing the group mod OpenFlow message
https://notcve.org/view.php?id=CVE-2017-9265
In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`. En Open vSwitch (OvS) versión 2.7.0, se presenta una lectura excesiva del búfer mientras se analiza el mensaje group mod OpenFlow enviado desde el controlador en la biblioteca “lib/ofp-util.c” en la función “ofputil_pull_ofp15_group_mod”. A buffer over-read issue was found in Open vSwitch (OvS) which emerged while parsing the GroupMod OpenFlow messages sent from the controller. The issue could enable an attacker to cause a denial of service type of attack. • https://access.redhat.com/errata/RHSA-2017:2418 https://access.redhat.com/errata/RHSA-2017:2553 https://access.redhat.com/errata/RHSA-2017:2648 https://access.redhat.com/errata/RHSA-2017:2665 https://access.redhat.com/errata/RHSA-2017:2692 https://access.redhat.com/errata/RHSA-2017:2698 https://access.redhat.com/errata/RHSA-2017:2727 https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332965.html https://access.redhat.com/security/cve/CVE-2017-9265 https://bugzil • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVE-2016-10377
https://notcve.org/view.php?id=CVE-2016-10377
In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch. En Open vSwitch (OvS) versión 2.5.0, un paquete IP malformado puede hacer que el conmutador lea más allá del final del búfer de paquetes debido a un desbordamiento de enteros sin signo en `lib/flow.c` en la función` miniflow_extract`, permitiendo eludir la lista de control de acceso forzada por el conmutador. • https://mail.openvswitch.org/pipermail/ovs-dev/2016-July/319503.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-9214 – openvswitch: Integer underflow in the ofputil_pull_queue_get_config_reply10 function
https://notcve.org/view.php?id=CVE-2017-9214
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. En Open vSwitch (OvS) versión 2.7.0, mientras analiza un mensaje OFPT_QUEUE_GET_CONFIG_REPLY tipo OFP versión 1.0, se presenta una lectura excesiva búfer causada por un desbordamiento de enteros sin signo en la función “ofputil_pull_queue_get_config_reply10” en la biblioteca “lib/ofp-util.c”. An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch (OvS). An attacker could use this issue to cause a remote denial of service attack. • https://access.redhat.com/errata/RHSA-2017:2418 https://access.redhat.com/errata/RHSA-2017:2553 https://access.redhat.com/errata/RHSA-2017:2648 https://access.redhat.com/errata/RHSA-2017:2665 https://access.redhat.com/errata/RHSA-2017:2692 https://access.redhat.com/errata/RHSA-2017:2698 https://access.redhat.com/errata/RHSA-2017:2727 https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html https • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2016-2074 – openvswitch: MPLS buffer overflow vulnerability
https://notcve.org/view.php?id=CVE-2016-2074
Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command. Desbordamiento de buffer en lib/flow.c en ovs-vswitchd en Open vSwitch 2.2.x y 2.3.x en versiones anteriores a 2.3.3 y 2.4.x en versiones anteriores a 2.4.1 permite a atacantes remotos ejecutar código arbitrario a través de paquetes MPLS manipulados, según lo demostrado por una cadena larga en un comando ovs-appctl. A buffer overflow flaw was discovered in the OVS processing of MPLS labels. A remote attacker able to deliver a frame containing a malicious MPLS label that would be processed by OVS could trigger the flaw and use the resulting memory corruption to cause a denial of service (DoS) or, possibly, execute arbitrary code. • http://openvswitch.org/pipermail/announce/2016-March/000082.html http://openvswitch.org/pipermail/announce/2016-March/000083.html http://rhn.redhat.com/errata/RHSA-2016-0523.html http://rhn.redhat.com/errata/RHSA-2016-0524.html http://rhn.redhat.com/errata/RHSA-2016-0537.html http://www.debian.org/security/2016/dsa-3533 http://www.securityfocus.com/bid/85700 https://access.redhat.com/errata/RHSA-2016:0615 https://bugzilla.redhat.com/show_bug.cgi?id=1318553 https://s • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •