PT-2018-2704 · Open Vswitch+3 · Openvswitch+3

Published

2018-08-15

·

Updated

2021-08-04

·

CVE-2018-17206

CVSS v3.1

4.9

Medium

VectorAV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Open vSwitch (OvS) versions 2.7.x through 2.7.6
Description A buffer over-read issue exists in the decode bundle function inside lib/ofp-actions.c during BUNDLE action decoding. This issue can be exploited by a remote attacker to cause a denial of service.
Recommendations For Open vSwitch (OvS) versions 2.7.x through 2.7.6, consider disabling the decode bundle function as a temporary workaround until a patch is available. Restrict access to the lib/ofp-actions.c module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2018-2159
BDU:2019-01418
CVE-2018-17206
DLA-2571-1
OPENSUSE-SU-2018_4148-1
RHSA-2018:3500
RHSA-2019:0053
RHSA-2019:0081
SUSE-SU-2018:4128-1
USN-3873-1

Affected Products

Alt Linux
Openvswitch
Suse
Ubuntu