782 matches found
CVE-2017-14970
In lib/ofp-util.c in Open vSwitch OvS before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more...
CVE-2017-14970
Open vSwitch contains CVE-2017-14970: memory leaks in lib/ofp-util.c when parsing malformed OpenFlow group mod messages. Documentation across multiple sources confirms affected product Open vSwitch, with fixes implemented in Open vSwitch 2.8.1 (or newer per update advisories). The vendor dispute ...
CVE-2017-14970
In lib/ofp-util.c in Open vSwitch OvS before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more...
CVE-2017-14970
In lib/ofp-util.c in Open vSwitch OvS before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more...
openvswitch: Buffer over-read while parsing malformed TCP, UDP and IPv6 packets
A buffer over-read was found in the Open vSwitch OvS firewall implementation. This flaw can be triggered by parsing a specially crafted TCP, UDP, or IPv6 packet. A remote attack could use this flaw to cause a Denial of Service DoS...
Moderate: Red Hat Security Advisory: openvswitch security update
An update for openvswitch is now available for Red Hat OpenStack Platform 11.0 Ocata. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
openvswitch: Invalid processing of a malicious OpenFlow role status message
While parsing an OpenFlow role status message Open vSwitch OvS, a call to the abort function for undefined role status reasons in the function 'ofpprintrolestatusmessage' in 'lib/ofp-print.c' could be misused for a remote denial of service attack by a malicious switch...
openvswitch: Buffer over-read while parsing the group mod OpenFlow message
A buffer over-read issue was found in Open vSwitch OvS which emerged while parsing the GroupMod OpenFlow messages sent from the controller. The issue could enable an attacker to cause a denial of service type of attack...
openvswitch: Invalid processing of a malicious OpenFlow role status message
While parsing an OpenFlow role status message Open vSwitch OvS, a call to the abort function for undefined role status reasons in the function 'ofpprintrolestatusmessage' in 'lib/ofp-print.c' could be misused for a remote denial of service attack by a malicious switch...
Moderate: Red Hat Security Advisory: openvswitch security update
An update for openvswitch is now available for Red Hat OpenStack Platform 8.0 Liberty. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
openvswitch: Buffer over-read while parsing the group mod OpenFlow message
A buffer over-read issue was found in Open vSwitch OvS which emerged while parsing the GroupMod OpenFlow messages sent from the controller. The issue could enable an attacker to cause a denial of service type of attack...
openvswitch: Invalid processing of a malicious OpenFlow role status message
While parsing an OpenFlow role status message Open vSwitch OvS, a call to the abort function for undefined role status reasons in the function 'ofpprintrolestatusmessage' in 'lib/ofp-print.c' could be misused for a remote denial of service attack by a malicious switch...
openvswitch: Integer underflow in the ofputil_pull_queue_get_config_reply10 function
An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPTQUEUEGETCONFIGREPLY messages in Open vSwitch OvS. An attacker could use this issue to cause a remote denial of service attack...
Moderate: Red Hat Security Advisory: openvswitch security update
An update for openvswitch is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Juno for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
openvswitch: Buffer over-read while parsing the group mod OpenFlow message
A buffer over-read issue was found in Open vSwitch OvS which emerged while parsing the GroupMod OpenFlow messages sent from the controller. The issue could enable an attacker to cause a denial of service type of attack...
openvswitch: Invalid processing of a malicious OpenFlow role status message
While parsing an OpenFlow role status message Open vSwitch OvS, a call to the abort function for undefined role status reasons in the function 'ofpprintrolestatusmessage' in 'lib/ofp-print.c' could be misused for a remote denial of service attack by a malicious switch...
openvswitch: Buffer over-read while parsing the group mod OpenFlow message
A buffer over-read issue was found in Open vSwitch OvS which emerged while parsing the GroupMod OpenFlow messages sent from the controller. The issue could enable an attacker to cause a denial of service type of attack...
Moderate: Red Hat Security Advisory: openvswitch security and bug fix update
An update for openvswitch is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
openvswitch: Integer underflow in the ofputil_pull_queue_get_config_reply10 function
An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPTQUEUEGETCONFIGREPLY messages in Open vSwitch OvS. An attacker could use this issue to cause a remote denial of service attack...
openvswitch: Buffer over-read while parsing malformed TCP, UDP and IPv6 packets
A buffer over-read was found in the Open vSwitch OvS firewall implementation. This flaw can be triggered by parsing a specially crafted TCP, UDP, or IPv6 packet. A remote attack could use this flaw to cause a Denial of Service DoS...