CVE-2018-17206

Опубликовано: 25 сент. 2018

Источник: redhat

CVSS3: 4.9

EPSS Низкий

Описание

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.

An issue was discovered in Open vSwitch (OvS) 2.5.x through 2.5.5, 2.6.x through 2.6.3, 2.7.x through 2.7.6, 2.8.x through 2.8.4, and 2.9.x through 2.9.2 where the decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding. A specially crafted flow update applied using the bundling feature of Open vSwitch could potentially cause a crash leading to a denial of service.

Затронутые пакеты

Платформа	Пакет	Состояние
Fast Datapath for RHEL 7	openvswitch2.10	Not affected
Fast Datapath for RHEL 8	openvswitch2.10	Not affected
Fast Datapath for RHEL 8	openvswitch2.11	Not affected
Red Hat OpenShift Container Platform 3.2	node	Not affected
Red Hat OpenShift Container Platform 3.3	node	Not affected
Red Hat OpenShift Container Platform 3.4	node	Not affected
Red Hat OpenShift Enterprise 3.0	openvswitch	Not affected
Red Hat OpenShift Enterprise 3.1	node	Not affected
Red Hat OpenStack Platform 12 (Pike)	openvswitch	Will not fix
Red Hat OpenStack Platform 14 (Rocky)	openvswitch	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=1632528openvswitch: Buffer over-read in lib/ofp-actions.c:decode_bundle()

EPSS

Процентиль: 84%

0.02077

Низкий

4.9 Medium

CVSS3

Связанные уязвимости

CVE-2018-17206

CVSS3: 4.9

ubuntu

больше 7 лет назад

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.

CVE-2018-17206

CVSS3: 4.9

nvd

больше 7 лет назад

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.

CVE-2018-17206

CVSS3: 4.9

debian

больше 7 лет назад

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The ...

GHSA-pcf7-fwpx-5mr2

CVSS3: 4.9

github

больше 3 лет назад

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.

BDU:2019-01418

CVSS3: 4.9

fstec

больше 7 лет назад

Уязвимость функции decode_bundle() программного многоуровневого коммутатора Open vSwitch, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 84%

0.02077

Низкий

4.9 Medium

CVSS3