CVE-2017-14970
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table."
En lib/ofp-util.c en Open vSwitch (OvS) en versiones anteriores a 2.8.1, hay múltiples fugas de memoria al analizar sintácticamente mensajes mod grupales OpenFlow malformados. NOTA: El proveedor discute la relevancia de este informe, diciendo que "solo puede ser iniciado mediante un controlador OpenFlow, pero los controladores OpenFlow tienen formas mucho más directas y poderosas para forzar a Open vSwitch a asignar memoria, como insertando flujos en la tabla de flujo".
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-10-01 CVE Reserved
- 2017-10-01 CVE Published
- 2023-08-11 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-772: Missing Release of Resource after Effective Lifetime
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html | 2019-10-03 | |
https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html | 2019-10-03 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Openvswitch Search vendor "Openvswitch" | Openvswitch Search vendor "Openvswitch" for product "Openvswitch" | <= 2.8.0 Search vendor "Openvswitch" for product "Openvswitch" and version " <= 2.8.0" | - |
Affected
|