Описание
In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions extract_l3_ipv6, extract_l4_tcp, and extract_l4_udp that can be triggered remotely.
A buffer over-read was found in the Open vSwitch (OvS) firewall implementation. This flaw can be triggered by parsing a specially crafted TCP, UDP, or IPv6 packet. A remote attack could use this flaw to cause a Denial of Service (DoS).
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | openvswitch | Not affected | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | openvswitch | Not affected | ||
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | openvswitch | Not affected | ||
| Red Hat OpenShift Enterprise 3 | openvswitch | Not affected | ||
| Red Hat OpenStack Platform 12 (Pike) | openvswitch | Not affected | ||
| Red Hat OpenStack Platform 8 (Liberty) | openvswitch | Not affected | ||
| Red Hat OpenStack Platform 9 (Mitaka) | openvswitch | Not affected | ||
| Fast Datapath for Red Hat Enterprise Linux 7 | openvswitch | Fixed | RHSA-2017:2418 | 03.08.2017 |
| Red Hat OpenStack Platform 10.0 (Newton) | openvswitch | Fixed | RHSA-2017:2648 | 06.09.2017 |
| Red Hat OpenStack Platform 11.0 (Ocata) | openvswitch | Fixed | RHSA-2017:2727 | 13.09.2017 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.6 Medium
CVSS3
Связанные уязвимости
In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely.
In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely.
In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS ...
In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely.
EPSS
5.6 Medium
CVSS3