CyberSec.Space Logo
Back to CVE Browser

CVE-2017-14970

MEDIUM
5.9
CVSS Severity Score
EPSS Score0.1780%
EPSS Percentile16.02th
PublishedOct 2, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table."

Affected Platforms (CPE)

πŸ“¦
Openvswitch

Openvswitch

<= 2.8.0

References & Advisories

πŸ”— https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html
πŸ”— https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html
πŸ”— https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html
πŸ”— https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html

Related Vulnerabilities

CVE-2014-01879.0

The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated u...

CVE-2020-354987.5

A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious use...

CVE-2020-278277.5

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating d...

CVE-2021-469557.1

In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packet...

CVE-2017-14970 Detail & Impact Analysis | CVSS 5.9 (MEDIUM) | Cyber-Sec.Space | Cyber-Sec.Space