Lucene search

K
ubuntucveUbuntu.comUB:CVE-2017-14970
HistoryOct 02, 2017 - 12:00 a.m.

CVE-2017-14970

2017-10-0200:00:00
ubuntu.com
ubuntu.com
8

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

44.1%

In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple
memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the
vendor disputes the relevance of this report, stating “it can only be
triggered by an OpenFlow controller, but OpenFlow controllers have much
more direct and powerful ways to force Open vSwitch to allocate memory,
such as by inserting flows into the flow table.”

Bugs

Notes

Author Note
mdeslaur upstream is working to get this CVE rejected. https://mail.openvswitch.org/pipermail/ovs-dev/2017-October/339432.html marking as ignored

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

44.1%