PT-2017-18792 · Open Vswitch+3 · Openvswitch+3

Bhargava Shastry

Published

2017-05-23

Updated

2021-08-04

CVE-2017-9214

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Open vSwitch (OvS) version 2.7.0

Description The issue is caused by a buffer over-read due to an unsigned integer underflow in the ofputil pull queue get config reply10 function in lib/ofp-util.c, which occurs while parsing an OFPT QUEUE GET CONFIG REPLY type OFP 1.0 message.

Recommendations For Open vSwitch (OvS) version 2.7.0, consider disabling the ofputil pull queue get config reply10 function as a temporary workaround until a patch is available. Restrict access to the lib/ofp-util.c module to minimize the risk of exploitation. Avoid using the OFPT QUEUE GET CONFIG REPLY type OFP 1.0 message in the affected API endpoint until the issue is resolved.

Fix

Integer Underflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-191

Related Identifiers

ALT-PU-2017-1874

CVE-2017-9214

DLA-2571-1

RHSA-2017:2418

RHSA-2017:2553

RHSA-2017:2648

RHSA-2017:2665

RHSA-2017:2692

RHSA-2017:2698

RHSA-2017:2727

SUSE-SU-2018:0311-1

SUSE-SU-2018:0505-1

USN-3450-1

Affected Products

Alt Linux

Openvswitch

Suse

Ubuntu

PT-2017-18792 · Open Vswitch+3 · Openvswitch+3

CVE-2017-9214

Weakness Enumeration

Related Identifiers

Affected Products

References · 55