CVE-2017-9214

Name: CVE-2017-9214
Creator: NVD / NIST
Published: 2017-05-23T17:29:00.257+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 2.89%

Last modified Jun 17, 2026

CVE-2017-9214 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.. EPSS estimates a 2.89% chance of exploitation in the next 30 days.

Description

In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

2.89%

85.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-191

Affected Software

Vendor	Product	Versions
Openvswitch	Openvswitch	2.7.0
Debian	Debian Linux	9.0
Redhat	Openstack	6.0
Redhat	Openstack	7.0
Redhat	Openstack	8
Redhat	Openstack	9
Redhat	Openstack	10
Redhat	Openstack	11
Redhat	Virtualization	4.1
Redhat	Virtualization Manager	4.1
Redhat	Virtualization	4.0

References

https://access.redhat.com/errata/RHSA-2017:2418Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2553Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2648Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2665Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2692Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2698Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2727Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/02/msg00032.htmlMailing List, Third Party Advisory
https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.htmlMailing List, Patch, Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:2418Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2553Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2648Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2665Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2692Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2698Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2727Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/02/msg00032.htmlMailing List, Third Party Advisory
https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.htmlMailing List, Patch, Vendor Advisory

Timeline

Published: May 23, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-9214?

How severe is CVE-2017-9214?

CVE-2017-9214 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 2.89% probability of exploitation in the next 30 days.

How do I fix CVE-2017-9214?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-9214?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST