cbcvebase.
CVE-2020-35498
published 2021-02-11

CVE-2020-35498: A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted…

high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

Affected

20 ranges
VendorProductVersion rangeFixed in
debiandebian_linux
debiandebian_linux
debianopenvswitch< openvswitch 2.15.0~git20210104.def6eb1ea+dfsg1-5 (bookworm)openvswitch 2.15.0~git20210104.def6eb1ea+dfsg1-5 (bookworm)
fedoraprojectfedora
msrccm1_openvswitch_2.12.0-3_on_cbl_mariner_1.0
openvswitchopenvswitch
openvswitchopenvswitch>= 0 < 2.15.0~git20210104.def6eb1ea+dfsg1-52.15.0~git20210104.def6eb1ea+dfsg1-5
openvswitchopenvswitch>= 0 < 2.15.0~git20210104.def6eb1ea+dfsg1-52.15.0~git20210104.def6eb1ea+dfsg1-5
openvswitchopenvswitch>= 0 < 2.15.0~git20210104.def6eb1ea+dfsg1-52.15.0~git20210104.def6eb1ea+dfsg1-5
openvswitchopenvswitch>= 0 < 2.15.0~git20210104.def6eb1ea+dfsg1-52.15.0~git20210104.def6eb1ea+dfsg1-5
openvswitchopenvswitch>= 2.10.0 < 2.10.72.10.7
openvswitchopenvswitch>= 2.11.0 < 2.11.62.11.6
openvswitchopenvswitch>= 2.12.0 < 2.12.32.12.3
openvswitchopenvswitch>= 2.13.0 < 2.13.32.13.3
openvswitchopenvswitch>= 2.14.0 < 2.14.22.14.2
openvswitchopenvswitch>= 2.5.0 < 2.5.122.5.12
openvswitchopenvswitch>= 2.6.0 < 2.6.102.6.10
openvswitchopenvswitch>= 2.7.0 < 2.7.132.7.13
openvswitchopenvswitch>= 2.8.0 < 2.8.112.8.11
openvswitchopenvswitch>= 2.9.0 < 2.9.92.9.9

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH