Search CVE reports


Toggle filters

11 – 20 of 25 results


CVE-2021-36980

Medium priority

Some fixes available 2 of 3

Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.

1 affected package

openvswitch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvswitch Not affected Fixed Not affected Not affected
Show less packages

CVE-2020-35498

Medium priority
Fixed

A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide,...

1 affected package

openvswitch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvswitch Fixed Fixed Fixed
Show less packages

CVE-2020-27827

Medium priority

Some fixes available 12 of 24

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat...

2 affected packages

lldpd, openvswitch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lldpd Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openvswitch Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2015-8011

Medium priority

Some fixes available 4 of 7

Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large...

2 affected packages

lldpd, openvswitch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lldpd Not affected Not affected Not affected
openvswitch Fixed Fixed Fixed
Show less packages

CVE-2018-17206

Medium priority
Fixed

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.

1 affected package

openvswitch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvswitch Fixed Fixed
Show less packages

CVE-2018-17205

Medium priority
Fixed

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be...

1 affected package

openvswitch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvswitch Fixed Not affected
Show less packages

CVE-2018-17204

Medium priority
Fixed

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has...

1 affected package

openvswitch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvswitch Fixed Fixed
Show less packages

CVE-2017-14970

Low priority
Ignored

In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered...

1 affected package

openvswitch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvswitch Not affected Ignored
Show less packages

CVE-2016-10377

Medium priority
Not affected

In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of...

1 affected package

openvswitch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvswitch Not affected
Show less packages

CVE-2017-9265

Medium priority

Some fixes available 2 of 3

In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.

1 affected package

openvswitch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openvswitch Fixed
Show less packages