CVE-2017-14970

CWE-772 CWE-400 — Uncontrolled Resource Consumption8 documents7 sources

Severity

5.9MEDIUM

EPSS

0.5%

top 33.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openvswitch Openvswitch

Timeline

PublishedOct 2

Latest updateMay 13

Description

In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table."

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶Debianopenvswitch< 2.8.1+dfsg1-2+3

▶NVDopenvswitch/openvswitch2.8.0

Patches

Patch: mail.openvswitch.org ↗Patch: mail.openvswitch.org ↗Patch: mail.openvswitch.org ↗

🔴Vulnerability Details

GHSA

GHSA-jjh9-mpf5-64ww: In lib/ofp-util↗2022-05-13

▶

OSV

CVE-2017-14970: In lib/ofp-util↗2017-10-02

▶

CVEList

CVE-2017-14970: In lib/ofp-util↗2017-10-01

▶

📋Vendor Advisories

Red Hat

openvswitch: Multiple memory leaks in lib/ofp-util.c while parsing malformed OpenFlow group mod messages↗2017-09-21

▶

Debian

CVE-2017-14970: openvswitch - In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory ...↗2017

▶

💬Community

Bugzilla

CVE-2017-14970 openvswitch: Multiple memory leaks in lib/ofp-util.c while parsing malformed OpenFlow group mod messages [fedora-all]↗2017-10-03

▶

Bugzilla

CVE-2017-14970 openvswitch: Multiple memory leaks in lib/ofp-util.c while parsing malformed OpenFlow group mod messages↗2017-10-03

▶