CVE-2017-14970
Last modified
CVE-2017-14970 is a vulnerability of currently unknown severity. In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table.". EPSS estimates a 1.24% chance of exploitation in the next 30 days.
Description
In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table."
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Openvswitch | Openvswitch | <= 2.8.0 |
References
- https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.htmlMailing List, Patch, Vendor Advisory
- https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.htmlMailing List, Patch, Vendor Advisory
- https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.htmlMailing List, Patch, Vendor Advisory
- https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.htmlMailing List, Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-14970?
How severe is CVE-2017-14970?
How do I fix CVE-2017-14970?
Are you affected by CVE-2017-14970?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST