CVE-2017-9263

CWE-20 — Improper Input Validation10 documents8 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 51.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openvswitch Openvswitch

Timeline

PublishedMay 29

Latest updateMay 14

Description

In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶Debianopenvswitch< 2.8.1+dfsg1-2+3

▶Ubuntuopenvswitch< 2.5.2-0ubuntu0.16.04.2

▶NVDopenvswitch/openvswitch2.7.0

Patches

Patch: mail.openvswitch.org ↗Patch: mail.openvswitch.org ↗

🔴Vulnerability Details

GHSA

GHSA-3r4j-wr9x-6p4f: In Open vSwitch (OvS) 2↗2022-05-14

▶

OSV

openvswitch vulnerabilities↗2017-10-11

▶

OSV

CVE-2017-9263: In Open vSwitch (OvS) 2↗2017-05-29

▶

CVEList

CVE-2017-9263: In Open vSwitch (OvS) 2↗2017-05-29

▶

📋Vendor Advisories

Ubuntu

Open vSwitch vulnerabilities↗2017-10-11

▶

Red Hat

openvswitch: Invalid processing of a malicious OpenFlow role status message↗2017-05-26

▶

Debian

CVE-2017-9263: openvswitch - In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, ther...↗2017

▶

💬Community

Bugzilla

CVE-2017-9263 openvswitch: Invalid processing of a malicious OpenFlow role status message↗2017-05-31

▶

Bugzilla

CVE-2016-10377 CVE-2017-9214 CVE-2017-9263 CVE-2017-9264 CVE-2017-9265 openvswitch: various flaws [fedora-all]↗2017-05-30

▶