Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Openvswitch Subscribe
Filtered by product Openvswitch

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-36980 1 Openvswitch 1 Openvswitch 2023-11-26 4.3 MEDIUM 5.5 MEDIUM
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.
CVE-2018-17204 4 Canonical, Debian, Openvswitch and 1 more 4 Ubuntu Linux, Debian Linux, Openvswitch and 1 more 2021-08-04 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default.
CVE-2018-17206 4 Canonical, Debian, Openvswitch and 1 more 4 Ubuntu Linux, Debian Linux, Openvswitch and 1 more 2021-08-04 4.0 MEDIUM 4.9 MEDIUM
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.
CVE-2017-14970 1 Openvswitch 1 Openvswitch 2019-10-03 4.3 MEDIUM 5.9 MEDIUM
In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table."
CVE-2017-9263 1 Openvswitch 1 Openvswitch 2018-01-05 3.3 LOW 6.5 MEDIUM
In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.