Input validation

An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol OFP service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service DoS. On all Junos OS Evolved platforms, when specific TCP packets are...

SUSE CVE-2018-17206

An issue was discovered in Open vSwitch OvS 2.7.x through 2.7.6. The decodebundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding...

openvswitch: Mishandle of group mods in lib/ofp-util.c:parse_group_prop_ntr_selection_method() allows for assertion failure

An issue was discovered in Open vSwitch OvS, 2.4.x through 2.4.1, 2.5.x through 2.5.5, 2.6.x through 2.6.3, 2.7.x through 2.7.6, 2.8.x through 2.8.4, and2.9.x through 2.9.2, affecting the parsegrouppropntrselectionmethod in lib/ofp-util.c. On controllers with the OpenFlow 1.5 decoder enabled, a...

CVE-2018-17206

An issue was discovered in Open vSwitch OvS 2.7.x through 2.7.6. The decodebundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding...

Open vSwitch Denial of Service Vulnerability (CNVD-2017-32356)

Open vSwitch OvS is a multi-layer virtual switch product based on open source technology following the Apache 2.0 license that supports large-scale network automation through programmatic extensions, standard management interfaces and protocols, and more. A security vulnerability exists in the...

DEBIAN-CVE-2017-14970

In lib/ofp-util.c in Open vSwitch OvS before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more...

Design/Logic Flaw

In lib/ofp-util.c in Open vSwitch OvS before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more...

Integer Underflow

ovs is vulnerable to integer underflows. The library does not properly check memory size in the ofputilpullqueuegetconfigreply10 function in lib\ofp-util.c, causing an integer underflow that can crash the application or overwrite memory...

openvswitch: Invalid processing of a malicious OpenFlow role status message

While parsing an OpenFlow role status message Open vSwitch OvS, a call to the abort function for undefined role status reasons in the function 'ofpprintrolestatusmessage' in 'lib/ofp-print.c' could be misused for a remote denial of service attack by a malicious switch...

CVE-2017-9265

CVE-2017-9265 : Open vSwitch (OvS) 2.7.0 contains a buffer over-read while parsing the GroupMod OpenFlow message from the controller (function ofputil_pull_ofp15_group_mod in lib/ofp-util.c). Exploitation could cause a denial-of-service condition. Public sources in the connected documents describ...

CVE-2017-9263

CVE-2017-9263 affects Open vSwitch 2.7.0 where parsing an OpenFlow role status message can trigger abort() on undefined role status reasons in lib/ofp-print.c, enabling a remote DoS via a malicious switch. This is the core issue described across security notices (RHSA advisories and OSV entries) ...

UBUNTU-CVE-2017-9265

In Open vSwitch OvS v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in lib/ofp-util.c in the function ofputilpullofp15groupmod...

CVE-2017-9214

In Open vSwitch OvS 2.7.0, while parsing an OFPTQUEUEGETCONFIGREPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function ofputilpullqueuegetconfigreply10 in lib/ofp-util.c...

CVE-2017-9214

In Open vSwitch OvS 2.7.0, while parsing an OFPTQUEUEGETCONFIGREPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function ofputilpullqueuegetconfigreply10 in lib/ofp-util.c...

Integer overflow

In Open vSwitch OvS 2.7.0, while parsing an OFPTQUEUEGETCONFIGREPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function ofputilpullqueuegetconfigreply10 in lib/ofp-util.c...

CVE-2017-9214

In Open vSwitch OvS 2.7.0, while parsing an OFPTQUEUEGETCONFIGREPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function ofputilpullqueuegetconfigreply10 in lib/ofp-util.c...