Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-17204

Опубликовано: 19 сент. 2018
Источник: nvd
CVSS3: 4.3
CVSS2: 4
EPSS Низкий

Описание

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*
Версия от 2.7.0 (включая) до 2.7.6 (включая)
Конфигурация 2

Одно из

cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Конфигурация 4
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 78%
0.01127
Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-617

Связанные уязвимости

ubuntu логотип

CVE-2018-17204

CVSS3: 4.3
ubuntu
больше 7 лет назад

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default.

redhat логотип

CVE-2018-17204

CVSS3: 2.7
redhat
больше 7 лет назад

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default.

debian логотип

CVE-2018-17204

CVSS3: 4.3
debian
больше 7 лет назад

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, aff ...

github логотип

GHSA-4wv2-475w-c2fw

CVSS3: 4.3
github
больше 3 лет назад

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default.

fstec логотип

BDU:2019-00706

CVSS3: 4.3
fstec
больше 7 лет назад

Уязвимость метода parse_group_prop_ntr_selection_method программного многоуровневого коммутатора Open vSwitch, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 78%
0.01127
Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-617