CVE-2017-9214

Опубликовано: 23 мая 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function ofputil_pull_queue_get_config_reply10 in lib/ofp-util.c.

Ссылки

https://access.redhat.com/errata/RHSA-2017:2418
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2553
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2648
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2665
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2692
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2698
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2727
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html
Mailing List
Third Party Advisory
https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html
Mailing List
Patch
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:2418
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2553
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2648
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2665
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2692
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2698
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2727
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html
Mailing List
Third Party Advisory
https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html
Mailing List
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openvswitch:openvswitch:2.7.0:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*

cpe:2.3:a:redhat:virtualization:4.1:*:*:*:*:*:*:*

cpe:2.3:a:redhat:virtualization_manager:4.1:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.0339

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-191

Связанные уязвимости

CVE-2017-9214

CVSS3: 9.8

ubuntu

больше 8 лет назад

In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.

CVE-2017-9214

CVSS3: 7.5

redhat

больше 8 лет назад

In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.

CVE-2017-9214

CVSS3: 9.8

debian

больше 8 лет назад

In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_RE ...

GHSA-6q3f-fc2p-9rh3

CVSS3: 9.8

github

больше 3 лет назад

In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.

SUSE-SU-2018:0311-1

suse-cvrf

около 8 лет назад

Security update for openvswitch

EPSS

Процентиль: 87%

0.0339

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-191