Lucene search

[email protected]CVE-2020-27827

HistoryMar 18, 2021 - 5:15 p.m.

CVE-2020-27827

2021-03-1817:15:13

CWE-400

[email protected]

web.nvd.nist.gov

371

openvswitch

dos

cve-2020-27827

lldp

nvd

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.006

Percentile

78.3%

JSON

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

Affected configurations

Vulners

NVD

Node

openvswitchopenvswitchRange≤1.0.8

openvswitchopenvswitchRange≤2.14.1

openvswitchopenvswitchRange≤2.13.2

openvswitchopenvswitchRange≤2.12.2

openvswitchopenvswitchRange≤2.11.5

openvswitchopenvswitchRange≤2.10.6

openvswitchopenvswitchRange≤2.9.8

openvswitchopenvswitchRange≤2.8.10

openvswitchopenvswitchRange≤2.7.12

openvswitchopenvswitchRange≤2.6.9

VendorProductVersionCPE
openvswitchopenvswitch*cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*
openvswitchopenvswitch*cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*
openvswitchopenvswitch*cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*
openvswitchopenvswitch*cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*
openvswitchopenvswitch*cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*
openvswitchopenvswitch*cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*
openvswitchopenvswitch*cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*
openvswitchopenvswitch*cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*
openvswitchopenvswitch*cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*
openvswitchopenvswitch*cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openvswitch	openvswitch	*	cpe:2.3:a:openvswitch:openvswitch::::::::
openvswitch	openvswitch	*	cpe:2.3:a:openvswitch:openvswitch::::::::
openvswitch	openvswitch	*	cpe:2.3:a:openvswitch:openvswitch::::::::
openvswitch	openvswitch	*	cpe:2.3:a:openvswitch:openvswitch::::::::
openvswitch	openvswitch	*	cpe:2.3:a:openvswitch:openvswitch::::::::
openvswitch	openvswitch	*	cpe:2.3:a:openvswitch:openvswitch::::::::
openvswitch	openvswitch	*	cpe:2.3:a:openvswitch:openvswitch::::::::
openvswitch	openvswitch	*	cpe:2.3:a:openvswitch:openvswitch::::::::
openvswitch	openvswitch	*	cpe:2.3:a:openvswitch:openvswitch::::::::
openvswitch	openvswitch	*	cpe:2.3:a:openvswitch:openvswitch::::::::

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "lldp/openvswitch",
    "versions": [
      {
        "version": "lldpd 1.0.8, openvswitch 2.14.1, openvswitch 2.13.2, openvswitch 2.12.2, openvswitch 2.11.5, openvswitch 2.10.6, openvswitch 2.9.8, openvswitch 2.8.10, openvswitch 2.7.12, openvswitch 2.6.9",
        "status": "affected"
      }
    ]
  }
]