CVE-2017-9214 – openvswitch: Integer underflow in the ofputil_pull_queue_get_config_reply10 function
https://notcve.org/view.php?id=CVE-2017-9214
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. En Open vSwitch (OvS) versión 2.7.0, mientras analiza un mensaje OFPT_QUEUE_GET_CONFIG_REPLY tipo OFP versión 1.0, se presenta una lectura excesiva búfer causada por un desbordamiento de enteros sin signo en la función “ofputil_pull_queue_get_config_reply10” en la biblioteca “lib/ofp-util.c”. An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch (OvS). An attacker could use this issue to cause a remote denial of service attack. • https://access.redhat.com/errata/RHSA-2017:2418 https://access.redhat.com/errata/RHSA-2017:2553 https://access.redhat.com/errata/RHSA-2017:2648 https://access.redhat.com/errata/RHSA-2017:2665 https://access.redhat.com/errata/RHSA-2017:2692 https://access.redhat.com/errata/RHSA-2017:2698 https://access.redhat.com/errata/RHSA-2017:2727 https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html https • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2016-2074 – openvswitch: MPLS buffer overflow vulnerability
https://notcve.org/view.php?id=CVE-2016-2074
Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command. Desbordamiento de buffer en lib/flow.c en ovs-vswitchd en Open vSwitch 2.2.x y 2.3.x en versiones anteriores a 2.3.3 y 2.4.x en versiones anteriores a 2.4.1 permite a atacantes remotos ejecutar código arbitrario a través de paquetes MPLS manipulados, según lo demostrado por una cadena larga en un comando ovs-appctl. A buffer overflow flaw was discovered in the OVS processing of MPLS labels. A remote attacker able to deliver a frame containing a malicious MPLS label that would be processed by OVS could trigger the flaw and use the resulting memory corruption to cause a denial of service (DoS) or, possibly, execute arbitrary code. • http://openvswitch.org/pipermail/announce/2016-March/000082.html http://openvswitch.org/pipermail/announce/2016-March/000083.html http://rhn.redhat.com/errata/RHSA-2016-0523.html http://rhn.redhat.com/errata/RHSA-2016-0524.html http://rhn.redhat.com/errata/RHSA-2016-0537.html http://www.debian.org/security/2016/dsa-3533 http://www.securityfocus.com/bid/85700 https://access.redhat.com/errata/RHSA-2016:0615 https://bugzilla.redhat.com/show_bug.cgi?id=1318553 https://s • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2012-3449
https://notcve.org/view.php?id=CVE-2012-3449
Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files. Open vSwitch v1.4.2 utiliza permisos world writable para (1) /var/lib/openvswitch/pki/controllerca/incoming/ y (2) /var/lib/openvswitch/pki/switchca/incoming/, lo que permite a usuarios locales eliminar y sobrescribir ficheros. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683665 http://www.openwall.com/lists/oss-security/2012/08/02/6 http://www.openwall.com/lists/oss-security/2012/08/03/6 http://www.securityfocus.com/bid/54789 http://www.securityfocus.com/bid/54794 https://bugzilla.redhat.com/show_bug.cgi?id=845350 https://exchange.xforce.ibmcloud.com/vulnerabilities/77417 • CWE-264: Permissions, Privileges, and Access Controls •