high
7.5
CWE
617
Advisory Published
Updated

CVE-2018-17205

First published: Wed Sep 19 2018(Updated: )

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash.

Credit: cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Openvswitch Openvswitch>=2.7.0<=2.7.6
Redhat Openstack=10
Redhat Openstack=13
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
ubuntu/openvswitch<2.9.2-0ubuntu0.18.04.3
2.9.2-0ubuntu0.18.04.3
debian/openvswitch
2.10.7+ds1-0+deb10u1
2.10.7+ds1-0+deb10u5
2.15.0+ds1-2+deb11u4
2.15.0+ds1-2+deb11u5
3.1.0-2
3.1.0-2+deb12u1
3.3.0~git20240118.e802fe7-3
3.3.0-4

Remedy

https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6

Remedy

https://github.com/openvswitch/ovs/commit/9a0ac025de9303334688ff08f01fc08604d2f624

Remedy

https://github.com/openvswitch/ovs/commit/638d406e3b647359f3d82189d7a6ee56b4a54928

Remedy

https://github.com/openvswitch/ovs/commit/24bf63b2132fa1d170c1f5594cb74ffa8e924092

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2018-17205?

    CVE-2018-17205 is a vulnerability in Open vSwitch (OvS) 2.7.x through 2.7.6 affecting ofproto_rule_insert__ function in ofproto/ofproto.c.

  • How does CVE-2018-17205 affect Open vSwitch?

    CVE-2018-17205 affects Open vSwitch by allowing attackers to add malicious flow actions that can cause denial of service or other impact.

  • What is the severity of CVE-2018-17205?

    The severity of CVE-2018-17205 is high, with a CVSS score of 7.5.

  • How can I fix CVE-2018-17205?

    To fix CVE-2018-17205, update Open vSwitch to version 2.10.7, 2.15.0, 3.1.0, or 3.2.0 for Debian, or version 2.9.2 for Ubuntu 18.04.

  • Where can I find more information about CVE-2018-17205?

    You can find more information about CVE-2018-17205 in the following references: [Red Hat Security Advisory RHSA-2018:3500](https://access.redhat.com/errata/RHSA-2018:3500), [Red Hat Security Advisory RHSA-2019:0053](https://access.redhat.com/errata/RHSA-2019:0053), [Red Hat Security Advisory RHSA-2019:0081](https://access.redhat.com/errata/RHSA-2019:0081).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203