Latest openvswitch openvswitch Vulnerabilities

CVE-2024-22563
openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.
Openvswitch Openvswitch=2.17.8
CVE-2022-4338
An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.
Openvswitch Openvswitch<2.13.10
Openvswitch Openvswitch>=2.14.0<2.14.8
Openvswitch Openvswitch>=2.15.0<2.15.7
Openvswitch Openvswitch>=2.16.0<2.16.6
Openvswitch Openvswitch>=2.17.0<2.17.5
Openvswitch Openvswitch>=3.0.0<3.0.3
and 2 more
CVE-2022-4337
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch.
Openvswitch Openvswitch<2.13.10
Openvswitch Openvswitch>=2.14.0<2.14.8
Openvswitch Openvswitch>=2.15.0<2.15.7
Openvswitch Openvswitch>=2.16.0<2.16.6
Openvswitch Openvswitch>=2.17.0<2.17.5
Openvswitch Openvswitch>=3.0.0<3.0.3
and 2 more
CVE-2019-25076
The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that req...
Openvswitch Openvswitch>=2.0.0<=2.17.2
Openvswitch Openvswitch=3.0.0
CVE-2022-0669
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages tha...
redhat/dpdk<22.03
redhat/openvswitch2.13<0:2.13.0-180.el8fd
redhat/openvswitch2.15<0:2.15.0-99.el8fd
redhat/openvswitch2.16<0:2.16.0-74.el8fd
Dpdk Data Plane Development Kit>=20.02<22.03
Dpdk Data Plane Development Kit=19.11
and 11 more
CVE-2021-3905
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
Openvswitch Openvswitch<2.17.0
Redhat Enterprise Linux Fast Datapath=7.0
Redhat Enterprise Linux Fast Datapath=8.0
Canonical Ubuntu Linux=21.10
Fedoraproject Fedora=35
ubuntu/openvswitch<2.16.0-0ubuntu2.1
and 2 more
CVE-2023-5366
Openvswitch don't match packets on nd_target field
Openvswitch Openvswitch<2023-02-28
Redhat Openshift Container Platform=4.0
Redhat Virtualization=4.0
Redhat Enterprise Linux=7.0
Redhat Fast Datapath
Redhat Enterprise Linux=7.0
and 11 more
CVE-2021-36980
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.
Openvswitch Openvswitch>=2.11.0<=2.15.0
redhat/openvswitch2.11<0:2.11.3-89.el7fd
redhat/openvswitch2.13<0:2.13.0-102.el7fd
redhat/openvswitch2.11<0:2.11.3-86.el8fd
redhat/openvswitch2.13<0:2.13.0-114.el8fd
redhat/openvswitch2.15<0:2.15.0-24.el8fd
and 1 more
CVE-2020-27827
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of ...
redhat/openvswitch2.11<0:2.11.3-86.el7fd
redhat/openvswitch2.13<0:2.13.0-81.el7fd
redhat/openvswitch<0:2.9.9-1.el7fd
redhat/openvswitch2.13<0:2.13.0-79.5.el8fd
redhat/openvswitch2.11<0:2.11.3-83.el8fd
redhat/ovn2.11<0:2.11.1-57.el7fd
and 62 more
CVE-2020-35498
A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in...
debian/openvswitch<=2.10.0+2018.08.28+git.8ca7c82b7d+ds1-12+deb10u2<=2.10.0+2018.08.28+git.8ca7c82b7d+ds1-12<=2.15.0~git20210104.def6eb1ea+dfsg1-4<=2.10.6+ds1-0+deb10u1
Openvswitch Openvswitch>=2.5.0<2.5.12
Openvswitch Openvswitch>=2.6.0<2.6.10
Openvswitch Openvswitch>=2.7.0<2.7.13
Openvswitch Openvswitch>=2.8.0<2.8.11
Openvswitch Openvswitch>=2.9.0<2.9.9
and 15 more
CVE-2018-17204
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command...
Openvswitch Openvswitch>=2.7.0<=2.7.6
Redhat Openstack=10
Redhat Openstack=13
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Debian Debian Linux=9.0
and 3 more
CVE-2018-17206
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.
Openvswitch Openvswitch>=2.7.0<=2.7.6
Redhat Openstack=10
Redhat Openstack=13
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Debian Debian Linux=9.0
and 3 more
CVE-2018-17205
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto i...
Openvswitch Openvswitch>=2.7.0<=2.7.6
Redhat Openstack=10
Redhat Openstack=13
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
ubuntu/openvswitch<2.9.2-0ubuntu0.18.04.3
and 1 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203