CVE-2016-2074

Опубликовано: 28 мар. 2016

Источник: redhat

CVSS2: 7.4

Описание

Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.

A buffer overflow flaw was discovered in the OVS processing of MPLS labels. A remote attacker able to deliver a frame containing a malicious MPLS label that would be processed by OVS could trigger the flaw and use the resulting memory corruption to cause a denial of service (DoS) or, possibly, execute arbitrary code.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6	openvswitch	Not affected
Red Hat OpenStack Platform 8 (Liberty)	openvswitch	Not affected
Red Hat OpenStack Platform 8 (Liberty)	openvswitch-dpdk	Not affected
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7	openvswitch	Fixed	RHSA-2016:0523	30.03.2016
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7	openvswitch	Fixed	RHSA-2016:0524	30.03.2016
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7	openvswitch	Fixed	RHSA-2016:0537	30.03.2016
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7	openvswitch-dpdk	Fixed	RHSA-2016:0537	30.03.2016
Red Hat OpenShift Enterprise 3.1	openvswitch	Fixed	RHSA-2016:0615	11.04.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-121

https://bugzilla.redhat.com/show_bug.cgi?id=1318553openvswitch: MPLS buffer overflow vulnerability

7.4 High

CVSS2

Связанные уязвимости

CVE-2016-2074

CVSS3: 9.8

ubuntu

больше 9 лет назад

CVE-2016-2074

CVSS3: 9.8

nvd

больше 9 лет назад

CVE-2016-2074

CVSS3: 9.8

debian

больше 9 лет назад

Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x an ...

GHSA-xfh5-4xfg-3g5f

CVSS3: 9.8

github

больше 3 лет назад

7.4 High

CVSS2