CVE-2017-9263
openvswitch: Invalid processing of a malicious OpenFlow role status message
Exploited in Wild: 0
Decision: -
Descriptions
In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.
In Open vSwitch (OvS) version 2.7.0, while an OpenFlow role status message is being parsed, the abort() function is called for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c`, which can be leveraged for a remote DoS attack by a malicious switch.
While Open vSwitch (OvS) is parsing an OpenFlow role status message, a call to the abort() function for undefined role status reasons in the function 'ofp_print_role_status_message' in 'lib/ofp-print.c' could be misused for a remote denial of service attack by a malicious switch.
Timeline
- 2017-05-28 CVE Reserved
- 2017-05-29 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
CWE
- CWE-20: Improper Input Validation
References (10)
URL | Date | SRC |
---|---|---|
https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332966.html | 2018-01-05 | |
https://access.redhat.com/errata/RHSA-2017:2418 | 2018-01-05 | |
https://access.redhat.com/errata/RHSA-2017:2553 | 2018-01-05 | |
https://access.redhat.com/errata/RHSA-2017:2648 | 2018-01-05 | |
https://access.redhat.com/errata/RHSA-2017:2665 | 2018-01-05 | |
https://access.redhat.com/errata/RHSA-2017:2692 | 2018-01-05 | |
https://access.redhat.com/errata/RHSA-2017:2698 | 2018-01-05 | |
https://access.redhat.com/errata/RHSA-2017:2727 | 2018-01-05 | |
https://access.redhat.com/security/cve/CVE-2017-9263 | 2017-09-13 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1457327 | 2017-09-13 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Openvswitch | Openvswitch | 2.7.0 | - | Affected |