CVE-2018-17204
openvswitch: Mishandle of group mods in lib/ofp-util.c:parse_group_prop_ntr_selection_method() allows for assertion failure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default.
Se ha descubierto un problema en Open vSwitch (OvS) en versiones 2.7.x hasta la 2.7.6 que afecta a parse_group_prop_ntr_selection_method en lib/ofp-util.c. Cuando se descodifica un mod de grupo, valida el tipo de grupo y comando después de que todo el mod de grupo se haya descodificado. Sin embargo, el decodificador OF1.5 intenta utilizar el tipo y comando antes, cuando puede ser todavía no válido. Esto provoca un fallo de aserción (mediante OVS_NOT_REACHED). ovs-vswitchd tiene deshabilitado el soporte para OpenFlow 1.5 por defecto.
An issue was discovered in Open vSwitch (OvS), 2.4.x through 2.4.1, 2.5.x through 2.5.5, 2.6.x through 2.6.3, 2.7.x through 2.7.6, 2.8.x through 2.8.4, and2.9.x through 2.9.2, affecting the parse_group_prop_ntr_selection_method in lib/ofp-util.c. On controllers with the OpenFlow 1.5 decoder enabled, a specially crafted group update can cause an assertion failure, potentially leading to a Denial of Service condition.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-09-19 CVE Reserved
- 2018-09-19 CVE Published
- 2024-07-04 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-617: Reachable Assertion
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde | 2021-08-04 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:3500 | 2021-08-04 | |
https://access.redhat.com/errata/RHSA-2019:0053 | 2021-08-04 | |
https://access.redhat.com/errata/RHSA-2019:0081 | 2021-08-04 | |
https://usn.ubuntu.com/3873-1 | 2021-08-04 | |
https://access.redhat.com/security/cve/CVE-2018-17204 | 2019-01-16 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1632522 | 2019-01-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Openvswitch Search vendor "Openvswitch" | Openvswitch Search vendor "Openvswitch" for product "Openvswitch" | >= 2.7.0 <= 2.7.6 Search vendor "Openvswitch" for product "Openvswitch" and version " >= 2.7.0 <= 2.7.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 10 Search vendor "Redhat" for product "Openstack" and version "10" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 13 Search vendor "Redhat" for product "Openstack" and version "13" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
|