26 matches found
EUVD-2017-18201
Malware in sbrugna...
SUSE CVE-2017-9265
In Open vSwitch OvS v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in lib/ofp-util.c in the function ofputilpullofp15groupmod...
SUSE CVE-2017-14970
In lib/ofp-util.c in Open vSwitch OvS before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more...
SUSE CVE-2018-17204
An issue was discovered in Open vSwitch OvS 2.7.x through 2.7.6, affecting parsegrouppropntrselectionmethod in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and comma...
Denial Of Service (DoS)
openvswitch is vulnerable to denial of service. An assertion failure in the parsegrouppropntrselectionmethod function in lib/ofp-util.c allows for an attacker to cause a denial of service condition in the application. This is due to an invalid group type during decoding of a group mod when the...
Security update for openvswitch (moderate)
This update for openvswitch to version 2.7.6 fixes the following issues: These security issues were fixed: - CVE-2018-17205: Prevent OVS crash when reverting old flows in bundle commit bsc1104467. - CVE-2018-17206: Avoid buffer overread in BUNDLE action decoding bsc1104467. - CVE-2018-17204:When...
Design/Logic Flaw
An issue was discovered in Open vSwitch OvS 2.7.x through 2.7.6, affecting parsegrouppropntrselectionmethod in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and comma...
CVE-2018-17204
An issue was discovered in Open vSwitch OvS 2.7.x through 2.7.6, affecting parsegrouppropntrselectionmethod in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and comma...
DEBIAN-CVE-2018-17204
An issue was discovered in Open vSwitch OvS 2.7.x through 2.7.6, affecting parsegrouppropntrselectionmethod in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and comma...
CVE-2018-17204
An issue was discovered in Open vSwitch OvS 2.7.x through 2.7.6, affecting parsegrouppropntrselectionmethod in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and comma...
CVE-2018-17204
An issue was discovered in Open vSwitch OvS 2.7.x through 2.7.6, affecting parsegrouppropntrselectionmethod in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and comma...
UBUNTU-CVE-2018-17204
An issue was discovered in Open vSwitch OvS 2.7.x through 2.7.6, affecting parsegrouppropntrselectionmethod in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and comma...
CVE-2018-17204
An issue was discovered in Open vSwitch OvS 2.7.x through 2.7.6, affecting parsegrouppropntrselectionmethod in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and comma...
USN-3450-1 openvswitch vulnerabilities
Bhargava Shastry discovered that Open vSwitch incorrectly handled certain OFP messages. A remote attacker could possibly use this issue to cause Open vSwitch to crash, resulting in a denial of service. CVE-2017-9214 It was discovered that Open vSwitch incorrectly handled certain OpenFlow role...
DEBIAN-CVE-2017-14970
In lib/ofp-util.c in Open vSwitch OvS before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more...
UBUNTU-CVE-2017-14970
In lib/ofp-util.c in Open vSwitch OvS before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more...
Design/Logic Flaw
In lib/ofp-util.c in Open vSwitch OvS before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more...
CVE-2017-14970
In lib/ofp-util.c in Open vSwitch OvS before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more...
CVE-2017-14970
In lib/ofp-util.c in Open vSwitch OvS before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more...
openvswitch: Buffer over-read while parsing the group mod OpenFlow message
A buffer over-read issue was found in Open vSwitch OvS which emerged while parsing the GroupMod OpenFlow messages sent from the controller. The issue could enable an attacker to cause a denial of service type of attack...