CVE-2017-9214
published 2017-05-23CVE-2017-9214: In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | openvswitch | < openvswitch 2.8.1+dfsg1-2 (bookworm) | openvswitch 2.8.1+dfsg1-2 (bookworm) |
| openvswitch | openvswitch | — | — |
| openvswitch | openvswitch | >= 0 < 2.8.1+dfsg1-2 | 2.8.1+dfsg1-2 |
| openvswitch | openvswitch | >= 0 < 2.8.1+dfsg1-2 | 2.8.1+dfsg1-2 |
| openvswitch | openvswitch | >= 0 < 2.8.1+dfsg1-2 | 2.8.1+dfsg1-2 |
| openvswitch | openvswitch | >= 0 < 2.8.1+dfsg1-2 | 2.8.1+dfsg1-2 |
| openvswitch | openvswitch | >= 0 < 2.5.2-0ubuntu0.16.04.2 | 2.5.2-0ubuntu0.16.04.2 |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
| redhat | virtualization | — | — |
| redhat | virtualization | — | — |
| redhat | virtualization_manager | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL