openvswitch: Buffer over-read while parsing malformed TCP, UDP and IPv6 packets

🗓️ 06 Sep 2017 16:53:24Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 6 Views

Open vSwitch firewall has a buffer over-read when parsing malformed TCP, UDP, or IPv6 packets, enabling remote DoS.

Reporter	Title	Published	Views	Family All 31
IBM Security Bulletins	Security Bulletin: Vulnerabilities in OpenvSwitch affect PowerKVM	18 Jun 201801:38	–	ibm
CNVD	Open vSwitch buffer overflow vulnerability (CNVD-2017-09510)	1 Jun 201700:00	–	cnvd
CVE	CVE-2017-9264	29 May 201703:52	–	cve
Cvelist	CVE-2017-9264	29 May 201703:52	–	cvelist
Debian CVE	CVE-2017-9264	29 May 201703:52	–	debiancve
EUVD	EUVD-2017-18200	7 Oct 202500:30	–	euvd
Fedora	[SECURITY] Fedora 26 Update: openvswitch-2.7.0-5.fc26	19 Jun 201714:36	–	fedora
Tenable Nessus	Fedora 26 : openvswitch (2017-671e8c760f)	17 Jul 201700:00	–	nessus
Tenable Nessus	Photon OS 1.0: Openvswitch PHSA-2017-0020 (deprecated)	17 Aug 201800:00	–	nessus
Tenable Nessus	Photon OS 1.0: Openvswitch PHSA-2017-0020	7 Feb 201900:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	7	x86_64	openvswitch	0:2.6.1-13.git20161206.el7ost	openvswitch-0:2.6.1-13.git20161206.el7ost.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	openvswitch-debuginfo	0:2.6.1-13.git20161206.el7ost	openvswitch-debuginfo-0:2.6.1-13.git20161206.el7ost.x86_64.rpm
Red Hat Enterprise Linux	7	any	python-openvswitch	0:2.6.1-13.git20161206.el7ost.noarch	python-openvswitch-0:2.6.1-13.git20161206.el7ost.noarch.noarch.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2017-9264
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2017-9264
cve	www.cve.org/CVERecord

13 May 2026 01:09Current

5.9Medium risk

Vulners AI Score5.9

CVSS 27.5

CVSS 39.8

EPSS0.02415

Open vSwitch Buffer overread Malformed packets Transmission Control Protocol User Datagram Protocol IP version six Remote denial of service Unix