Search CVE reports
11 – 20 of 25 results
CVE-2021-36980
Medium prioritySome fixes available 2 of 3
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.
1 affected package
openvswitch
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvswitch | — | Not affected | Fixed | Not affected | Not affected |
CVE-2020-35498
Medium priorityA vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide,...
1 affected package
openvswitch
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvswitch | — | — | Fixed | Fixed | Fixed |
CVE-2020-27827
Medium prioritySome fixes available 12 of 24
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat...
2 affected packages
lldpd, openvswitch
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
lldpd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
openvswitch | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2015-8011
Medium prioritySome fixes available 4 of 7
Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large...
2 affected packages
lldpd, openvswitch
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
lldpd | — | — | Not affected | Not affected | Not affected |
openvswitch | — | — | Fixed | Fixed | Fixed |
CVE-2018-17206
Medium priorityAn issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.
1 affected package
openvswitch
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvswitch | — | — | — | Fixed | Fixed |
CVE-2018-17205
Medium priorityAn issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be...
1 affected package
openvswitch
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvswitch | — | — | — | Fixed | Not affected |
CVE-2018-17204
Medium priorityAn issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has...
1 affected package
openvswitch
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvswitch | — | — | — | Fixed | Fixed |
CVE-2017-14970
Low priorityIn lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered...
1 affected package
openvswitch
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvswitch | — | — | — | Not affected | Ignored |
CVE-2016-10377
Medium priorityIn Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of...
1 affected package
openvswitch
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvswitch | — | — | — | — | Not affected |
CVE-2017-9265
Medium prioritySome fixes available 2 of 3
In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.
1 affected package
openvswitch
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openvswitch | — | — | — | — | Fixed |