CVE-2020-35498

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions openvswitch (affected versions not specified)

Description A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet, causing the resulting megaflow in the kernel to be too wide, potentially leading to a denial of service. The highest threat from this issue is to system availability. It is related to an uncontrolled resource consumption in the Open vSwitch software, which can be exploited by a remote attacker using a specially crafted packet.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

ALT-PU-2021-1479

ALT-PU-2021-1942

ALT-PU-2021-2054

BDU:2021-01134

CVE-2020-35498

DLA-2571-1

DSA-4852-1

OESA-2021-1179

OPENSUSE-SU-2021:0283-1

OPENSUSE-SU-2021_0283-1

RHSA-2021:0497

RHSA-2021:0834

RHSA-2021:0835

RHSA-2021:0837

RHSA-2021:1050

RHSA-2021:2077

RHSA-2021:2456

SUSE-SU-2021:0436-1

SUSE-SU-2021:0439-1

SUSE-SU-2021:0440-1

SUSE-SU-2021:0446-1

SUSE-SU-2021:0451-1

SUSE-SU-2021:0479-1

SUSE-SU-2021_0436-1

SUSE-SU-2021_0439-1

SUSE-SU-2021_0440-1

SUSE-SU-2021_0446-1

SUSE-SU-2021_0451-1

SUSE-SU-2021_0479-1

SUSE-SU-2022:3384-1

SUSE-SU-2022_3384-1

USN-4729-1

Affected Products

Alt Linux

Linuxmint

Suse

Ubuntu

Openvswitch

CVE-2020-35498

Weakness Enumeration

Related Identifiers

Affected Products

References · 48