CVE-2016-10377

Опубликовано: 22 июл. 2016

Источник: redhat

CVSS3: 5.6

Описание

In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in lib/flow.c in the function miniflow_extract, permitting remote bypass of the access control list enforced by the switch.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 7	openvswitch	Not affected
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)	openvswitch	Not affected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)	openvswitch	Not affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)	openvswitch	Not affected
Red Hat OpenShift Enterprise 3	openvswitch	Not affected
Red Hat OpenStack Platform 10 (Newton)	openvswitch	Not affected
Red Hat OpenStack Platform 12 (Pike)	openvswitch	Not affected
Red Hat OpenStack Platform 8 (Liberty)	openvswitch	Not affected
Red Hat OpenStack Platform 9 (Mitaka)	openvswitch	Not affected
Red Hat Virtualization 4	openvswitch	Under investigation

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-190

https://bugzilla.redhat.com/show_bug.cgi?id=1457325openvswitch: Unsigned integer overflow in the miniflow_extract function

5.6 Medium

CVSS3

Связанные уязвимости

CVE-2016-10377

CVSS3: 8.8

ubuntu

больше 8 лет назад

In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch.

CVE-2016-10377

CVSS3: 8.8

nvd

больше 8 лет назад

CVE-2016-10377

CVSS3: 8.8

debian

больше 8 лет назад

In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switc ...

GHSA-w6j4-9556-fjfj

CVSS3: 8.8

github

больше 3 лет назад

5.6 Medium

CVSS3