Описание
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a data underflow.
Отчет
To exploit this vulnerability, it requires LLDP processing to be enabled for a specific port, which is unlikely to be exploitable in any of the Red Hat products. Considering this restriction, the impact is lowered to moderate.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Fast Datapath for RHEL 7 | openvswitch | Out of support scope | ||
| Fast Datapath for RHEL 7 | openvswitch2.10 | Out of support scope | ||
| Fast Datapath for RHEL 7 | openvswitch2.11 | Out of support scope | ||
| Fast Datapath for RHEL 7 | openvswitch2.12 | Will not fix | ||
| Fast Datapath for RHEL 7 | openvswitch2.13 | Out of support scope | ||
| Fast Datapath for RHEL 8 | openvswitch2.11 | Out of support scope | ||
| Fast Datapath for RHEL 8 | openvswitch2.12 | Will not fix | ||
| Red Hat Enterprise Linux 7 | openvswitch | Out of support scope | ||
| Red Hat OpenShift Container Platform 4 | openvswitch2.15 | Will not fix | ||
| Red Hat OpenShift Container Platform 4 | openvswitch2.16 | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
An integer underflow in Organization Specific TLV was found in various ...
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
EPSS
9.8 Critical
CVSS3