Описание
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a denial of service.
Отчет
To exploit this vulnerability, it requires LLDP processing to be enabled for a specific port, which is unlikely to be exploitable in any of the Red Hat products. Considering this restriction, the impact is lowered to moderate.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Fast Datapath for RHEL 7 | openvswitch | Out of support scope | ||
| Fast Datapath for RHEL 7 | openvswitch2.10 | Affected | ||
| Fast Datapath for RHEL 7 | openvswitch2.11 | Out of support scope | ||
| Fast Datapath for RHEL 7 | openvswitch2.12 | Will not fix | ||
| Fast Datapath for RHEL 7 | openvswitch2.13 | Out of support scope | ||
| Fast Datapath for RHEL 8 | openvswitch2.11 | Out of support scope | ||
| Fast Datapath for RHEL 8 | openvswitch2.12 | Will not fix | ||
| Red Hat Enterprise Linux 7 | openvswitch | Out of support scope | ||
| Red Hat OpenShift Container Platform 4 | openvswitch2.15 | Not affected | ||
| Red Hat OpenShift Container Platform 4 | openvswitch2.16 | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
An out-of-bounds read in Organization Specific TLV was found in variou ...
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
EPSS
9.8 Critical
CVSS3