CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-14970

MEDIUM
5.9
CVSS Severity Score
EPSS Score0.1780%
EPSS Percentile16.02th
Published2017年10月2日
Last Modified2026年5月13日

Vulnerability Description

In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table."

Affected Platforms (CPE)

📦
Openvswitch

Openvswitch

<= 2.8.0

References & Advisories

🔗 https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html
🔗 https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html
🔗 https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html
🔗 https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html

関連する脆弱性情報

CVE-2014-01879.0

The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated u...

CVE-2020-354987.5

A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious use...

CVE-2020-278277.5

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating d...

CVE-2021-469557.1

In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packet...