PT-2017-18814 · Open Vswitch+3 · Openvswitch+3

Bhargava Shastry · Published 2017-05-29 · Updated 2018-02-21 · CVE-2017-9263

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Open vSwitch (OvS) version 2.7.0

Description

The issue arises when parsing an OpenFlow role status message, where a call to the abort() function is made for undefined role status reasons in the ofp_print_role_status_message function located in lib/ofp-print.c. This could potentially be exploited by a malicious switch to launch a remote Denial of Service (DoS) attack.

Recommendations

For Open vSwitch (OvS) version 2.7.0, consider disabling the ofp_print_role_status_message function as a temporary workaround until a patch is available to prevent potential exploitation.
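
The pattern in the description, shown as an added example that is not Open vSwitch source code: a reason byte taken from the wire reaches abort() in one lookup and a printable fallback in the other. The function names, strings and enum names are illustrative, and the numeric reason values are assumed to follow OpenFlow 1.4.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Defined role status reasons (illustrative names, assumed OpenFlow 1.4 values). */
enum { REASON_MASTER_REQUEST = 0, REASON_CONFIG = 1, REASON_EXPERIMENTER = 2 };

/* Pattern described in the advisory: a value supplied by the peer reaches
 * abort() when it is not one of the defined reasons. */
const char *reason_name_aborting(uint8_t reason)
{
    switch (reason) {
    case REASON_MASTER_REQUEST: return "master_request";
    case REASON_CONFIG:         return "configuration_changed";
    case REASON_EXPERIMENTER:   return "experimenter_data_changed";
    default:                    abort();   /* peer-controlled process exit */
    }
}

/* Hardened form: an undefined reason is reported, never fatal. */
const char *reason_name_safe(uint8_t reason)
{
    switch (reason) {
    case REASON_MASTER_REQUEST: return "master_request";
    case REASON_CONFIG:         return "configuration_changed";
    case REASON_EXPERIMENTER:   return "experimenter_data_changed";
    default:                    return "(unknown)";
    }
}

/* Format a log line for a reason byte received in a role status message. */
int format_role_status(uint8_t reason, char *buf, size_t len)
{
    return snprintf(buf, len, "ROLE_STATUS reason=%s (%u)",
                    reason_name_safe(reason), (unsigned) reason);
}

int main(void)
{
    const uint8_t samples[] = { 0, 1, 2, 3, 0xff };  /* constructed input */
    char line[64];
    for (size_t i = 0; i < sizeof samples; i++) {
        format_role_status(samples[i], line, sizeof line);
        puts(line);
    }
    return 0;
}
```
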

Fix

DoS

RCE


Weakness Enumeration

Related Identifiers

ALT-PU-2017-1874
CVE-2017-9263
RHSA-2017:2418
RHSA-2017:2553
RHSA-2017:2648
RHSA-2017:2665
RHSA-2017:2692
RHSA-2017:2698
RHSA-2017:2727
SUSE-SU-2017:2212-1
SUSE-SU-2017_2212-1
SUSE-SU-2018:0311-1
SUSE-SU-2018:0505-1
USN-3450-1

Affected Products

Alt Linux
Openvswitch
Suse
Ubuntu