PT-2017-18816 · Open Vswitch+3 · Openvswitch+3

Bhargava Shastry

Published

2017-05-29

Updated

2019-10-03

CVE-2017-9265

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Open vSwitch (OvS) version 2.7.0

Description The issue arises from a buffer over-read that occurs while parsing the group mod OpenFlow message sent from the controller. This happens in the lib/ofp-util.c file, specifically within the ofputil pull ofp15 group mod function.

Recommendations For Open vSwitch (OvS) version 2.7.0, consider updating to a newer version that addresses this issue, as no specific fix is provided for this version.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2017-1874

CVE-2017-9265

RHSA-2017:2418

RHSA-2017:2553

RHSA-2017:2648

RHSA-2017:2665

RHSA-2017:2692

RHSA-2017:2698

RHSA-2017:2727

SUSE-SU-2017:2212-1

SUSE-SU-2018:0311-1

SUSE-SU-2018:0505-1

USN-3450-1

Affected Products

Alt Linux

Openvswitch

Suse

Ubuntu

PT-2017-18816 · Open Vswitch+3 · Openvswitch+3

CVE-2017-9265

Weakness Enumeration

Related Identifiers

Affected Products

References · 42