CVSS3 : 9.8 High
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : NONE
Scope : UNCHANGED
Confidentiality Impact : HIGH
Integrity Impact : HIGH
Availability Impact : HIGH
Vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS2 : 7.1 High
Access Vector : NETWORK
Access Complexity : MEDIUM
Authentication : NONE
Confidentiality Impact : NONE
Integrity Impact : NONE
Availability Impact : COMPLETE
Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C
EPSS : 0.044 Low
Percentile : 92.3%
Severity: Medium
Date : 2021-01-20
CVE-ID : CVE-2015-8011 CVE-2020-27827
Package : openvswitch
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1456
Summary : The package openvswitch before version 2.14.1-1 is vulnerable to
multiple issues including arbitrary code execution and information
disclosure.
Resolution : Upgrade to 2.14.1-1.
The problems have been fixed upstream in version 2.14.1.
Workaround : None.
Description :
CVE-2015-8011: A buffer overflow in the lldp_decode function in
daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers
to cause a denial of service (daemon crash) and possibly execute
arbitrary code via vectors involving large management addresses and TLV
boundaries.
CVE-2020-27827: A security issue was found in lldpd before version 1.0.8. A packet that
contains multiple instances of certain TLVs will cause lldpd to
continually allocate memory and leak the old memory. As an example,
multiple instances of system name TLV will cause old values to be
dropped by the decoding routine.
Impact : A remote attacker can leak information or possibly execute arbitrary
code through crafted packets.
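The two decoding flaws described above both come down to checks a TLV decoder has to make. The C decoder below is an added example, not code from lldpd, Open vSwitch or this advisory: it rejects TLVs and management addresses that overrun their bounds and frees the previous value when a System Name TLV repeats. `struct chassis`, `decode_tlvs` and the sample frame are hypothetical; the TLV type numbers and field widths follow IEEE 802.1AB.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
enum { TLV_END = 0, TLV_SYSTEM_NAME = 5, TLV_MGMT_ADDR = 8 };
#define MGMT_ADDR_MAX 31            /* 802.1AB: address is 1..31 octets */

struct chassis {                    /* hypothetical, not the lldpd/OVS struct */
    char   *sysname;                /* heap copy of the System Name TLV */
    uint8_t mgmt[MGMT_ADDR_MAX];
    size_t  mgmt_len;
};

/* Constructed frame: System Name "sw1", System Name "core", End of LLDPDU. */
static const uint8_t sample[] = { 0x0a,3,'s','w','1', 0x0a,4,'c','o','r','e', 0,0 };

/* Returns 0 on success, -1 on a malformed frame; caller frees c->sysname. */
int decode_tlvs(const uint8_t *p, size_t len, struct chassis *c)
{
    while (len >= 2) {
        unsigned type    = p[0] >> 1;                        /* 7-bit type */
        size_t   tlv_len = ((size_t)(p[0] & 1) << 8) | p[1]; /* 9-bit length */
        p += 2; len -= 2;
        if (tlv_len > len) return -1;   /* TLV runs past the frame end */
        if (type == TLV_END) return 0;
        if (type == TLV_SYSTEM_NAME) {
            char *name = malloc(tlv_len + 1);
            if (name == NULL) return -1;
            memcpy(name, p, tlv_len);
            name[tlv_len] = '\0';
            free(c->sysname);           /* repeated TLV: release old copy */
            c->sysname = name;
        } else if (type == TLV_MGMT_ADDR) {
            /* p[0] = string length (subtype octet + address), p[1] = subtype */
            if (tlv_len < 3 || p[0] < 2 || p[0] > MGMT_ADDR_MAX + 1
                || (size_t)p[0] + 1 > tlv_len)
                return -1;              /* oversized or out-of-TLV address */
            c->mgmt_len = (size_t)p[0] - 1;
            memcpy(c->mgmt, p + 2, c->mgmt_len);
        }
        p += tlv_len; len -= tlv_len;
    }
    return -1;                          /* this example requires an End TLV */
}

int main(void)
{
    struct chassis c = { 0 };
    int rc = decode_tlvs(sample, sizeof sample, &c);
    free(c.sysname);
    return rc;
}
```

The caller must zero-initialise `struct chassis` before the first call so that the first `free(c->sysname)` acts on a null pointer.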
References :
https://www.openwall.com/lists/oss-security/2015/10/16/2
https://github.com/lldpd/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000268.html
https://github.com/openvswitch/ovs/pull/335
https://github.com/openvswitch/ovs/commit/ec51fc90669e5fe1a2096581296d55b3acda6711
https://github.com/lldpd/lldpd/blob/master/NEWS
https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61
https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000269.html
https://github.com/openvswitch/ovs/pull/337
https://github.com/openvswitch/ovs/commit/f915f32f5667e3b9d460055d8b47fa5d204ce83a
https://security.archlinux.org/CVE-2015-8011
https://security.archlinux.org/CVE-2020-27827
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | openvswitch | < 2.14.1-1 | UNKNOWN |