Design/Logic Flaw

In Open vSwitch OvS v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in lib/ofp-util.c in the function ofputilpullofp15groupmod...

DEBIAN-CVE-2017-9265

In Open vSwitch OvS v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in lib/ofp-util.c in the function ofputilpullofp15groupmod...

CVE-2017-9263

In Open vSwitch OvS 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort function for undefined role status reasons in the function ofpprintrolestatusmessage in lib/ofp-print.c that may be leveraged toward a remote DoS attack by a malicious switch...

CVE-2017-9265

In Open vSwitch OvS v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in lib/ofp-util.c in the function ofputilpullofp15groupmod...

CVE-2017-9265

In Open vSwitch OvS v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in lib/ofp-util.c in the function ofputilpullofp15groupmod...

CVE-2017-9263

In Open vSwitch OvS 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort function for undefined role status reasons in the function ofpprintrolestatusmessage in lib/ofp-print.c that may be leveraged toward a remote DoS attack by a malicious switch...

CVE-2017-9265

In Open vSwitch OvS v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in lib/ofp-util.c in the function ofputilpullofp15groupmod...

CVE-2017-9263

CVE-2017-9263 affects Open vSwitch 2.7.0 where parsing an OpenFlow role status message can trigger abort() on undefined role status reasons in lib/ofp-print.c, enabling a remote DoS via a malicious switch. This is the core issue described across security notices (RHSA advisories and OSV entries) ...

CVE-2017-9265

In Open vSwitch OvS v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in lib/ofp-util.c in the function ofputilpullofp15groupmod...

CVE-2017-9263

In Open vSwitch OvS 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort function for undefined role status reasons in the function ofpprintrolestatusmessage in lib/ofp-print.c that may be leveraged toward a remote DoS attack by a malicious switch...

UBUNTU-CVE-2017-9263

In Open vSwitch OvS 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort function for undefined role status reasons in the function ofpprintrolestatusmessage in lib/ofp-print.c that may be leveraged toward a remote DoS attack by a malicious switch...

UBUNTU-CVE-2017-9265

In Open vSwitch OvS v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in lib/ofp-util.c in the function ofputilpullofp15groupmod...

UBUNTU-CVE-2017-9214

In Open vSwitch OvS 2.7.0, while parsing an OFPTQUEUEGETCONFIGREPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function ofputilpullqueuegetconfigreply10 in lib/ofp-util.c...

CVE-2017-1000357

Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for the OpenFlow communication. Version: OpenDaylight versions 3.3 Lithium-SR3, 3.4 Lithium-SR4, 4.0...

CVE-2017-1000357

Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for the OpenFlow communication. Version: OpenDaylight versions 3.3 Lithium-SR3, 3.4 Lithium-SR4, 4.0...

Design/Logic Flaw

Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for the OpenFlow communication. Version: OpenDaylight versions 3.3 Lithium-SR3, 3.4 Lithium-SR4, 4.0...

CVE-2017-1000357

Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for the OpenFlow communication. Version: OpenDaylight versions 3.3 Lithium-SR3, 3.4 Lithium-SR4, 4.0...

CVE-2017-1000357

Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for the OpenFlow communication. Version: OpenDaylight versions 3.3 Lithium-SR3, 3.4 Lithium-SR4, 4.0...

CVE-2017-1000357

The CVE affects OpenDaylight odl-l2switch-switch (OpenFlow component). A Denial of Service occurs when the switch rejects to receive packets from the controller. Impact is described as availability impact (Partial) with CVSS v3.0 HIGH and CVSS v2 MEDIUM, from the provided metrics. Affected OpenDa...

Buffer overflow

OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay."...