PT-2018-2465 · Open Vswitch · Openvswitch

Published: 2018-08-15 · Updated: 2021-08-04 · CVE-2018-17204

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Open vSwitch (OvS) versions 2.7.x through 2.7.6

Description

An issue was discovered in Open vSwitch (OvS), affecting the parse_group_prop_ntr_selection_method function in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. However, the OF1.5 decoder tries to use the type and command earlier, when it might still be invalid, causing an assertion failure via OVS_NOT_REACHED. This issue can be exploited by a remote attacker to cause a denial of service.

Recommendations

For Open vSwitch (OvS) versions 2.7.x through 2.7.6, consider disabling support for OpenFlow 1.5 until a patch is available, as ovs-vswitchd does not enable it by default. As a temporary workaround, restrict the use of the parse_group_prop_ntr_selection_method function in lib/ofp-util.c to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
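
To act on the recommendation above, the following added example (not part of the original advisory or of the Open vSwitch project) lists the bridges whose protocols column enables OpenFlow15, together with the protocol list that would remain once it is removed. The function names, the sample listing and the exact shape of the ovs-vsctl CSV output are assumptions; check them against your own installation.

```shell
#!/bin/sh
# Added example: find bridges that explicitly enable OpenFlow 1.5.
#
# Input on stdin: one "name,protocols" line per bridge, the shape assumed for
#   ovs-vsctl --format=csv --data=bare --no-headings \
#             --columns=name,protocols list bridge
# Output: "<bridge> <remaining-protocols>" for each bridge that lists
# OpenFlow15. "-" means OpenFlow15 was the only configured protocol.
of15_bridges() {
    awk -F',' '
    {
        gsub(/"/, "")                     # tolerate quoted CSV cells
        name = $1
        n = split($2, p, /[ \t]+/)        # bare sets are space separated
        hit = 0; keep = ""
        for (i = 1; i <= n; i++) {
            if (p[i] == "") continue
            if (p[i] == "OpenFlow15") { hit = 1; continue }
            keep = keep (keep == "" ? "" : ",") p[i]
        }
        # An empty protocols column means the bridge runs the defaults,
        # which per the advisory do not include OpenFlow 1.5.
        if (hit) print name, (keep == "" ? "-" : keep)
    }'
}

# Constructed sample listing (hypothetical bridge names).
sample_listing() {
    cat <<'EOF'
br-int,OpenFlow10 OpenFlow13
br-ex,OpenFlow13 OpenFlow15
br-test,OpenFlow15
br-def,
EOF
}

# Demonstration on the constructed sample.
sample_listing | of15_bridges

# Remediation for each reported bridge (run manually after review):
#   ovs-vsctl set bridge <bridge> protocols=<remaining-protocols>
# or, when "-" is reported, fall back to the defaults:
#   ovs-vsctl clear bridge <bridge> protocols
```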

Assertion Failure

XSS

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2159
BDU:2019-00706
CVE-2018-17204
DLA-2571-1
OPENSUSE-SU-2018_4148-1
RHSA-2018:3500
RHSA-2019:0053
RHSA-2019:0081
SUSE-SU-2018:4128-1
SUSE-SU-2018_4128-1
USN-3873-1

Affected Products

Alt Linux
Openvswitch
Suse
Ubuntu